From 95d1ac5cc9346c81d8dee6a684fd4c6d79fcdd3f Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Fri, 24 Jan 2025 15:23:23 +0100 Subject: 🐛 fix own permission check (refs #6126) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ishtar_common/views_item.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'ishtar_common') diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py index ae8c1cd47..89caaef77 100644 --- a/ishtar_common/views_item.py +++ b/ishtar_common/views_item.py @@ -222,12 +222,15 @@ def check_permission(request, action_slug, obj=None): main_menu.init() if action_slug not in main_menu.items: # not an action -> a classic permission + if "." not in action_slug: + return False if request.user.ishtaruser.has_permission(action_slug): return True if not obj: return False - parts = action_slug.split("_") - action_slug = f"{parts[0]}_own_{'_'.join(parts[1:])}" + app, model_name = action_slug.split(".") + parts = model_name.split("_") + action_slug = f"{app}.{parts[0]}_own_{'_'.join(parts[1:])}" return request.user.ishtaruser.has_permission(action_slug, obj) if obj: return main_menu.items[action_slug].is_available( -- cgit v1.2.3