DGNum/gestioCOF
15
2
Fork 2
Code Issues 79 Pull requests 18 Projects Releases 12 Packages Wiki Activity Actions

Move permission check

Browse source
This commit is contained in:
Ludovic Stephan 2017-04-14 12:51:58 -03:00
parent 100686457b
commit b2a5dfd682
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
kfet/views.py
View file

@ -1470,6 +1470,10 @@ def history_json(request):
accounts = request.GET.getlist('accounts[]', None) accounts = request.GET.getlist('accounts[]', None)
transfers_only = request.GET.get('transfersonly', None) transfers_only = request.GET.get('transfersonly', None)
# Un non-membre de l'équipe n'a que accès à son historique
if not request.user.has_perm('kfet.is_team'):
accounts = [request.user.profile.account]
# Construction de la requête (sur les opérations) pour le prefetch # Construction de la requête (sur les opérations) pour le prefetch
ope_queryset_prefetch = Operation.objects.select_related( ope_queryset_prefetch = Operation.objects.select_related(
'canceled_by', 'addcost_for', 'canceled_by', 'addcost_for',
@ -1524,9 +1528,6 @@ def history_json(request):
opegroups = OperationGroup.objects.none() opegroups = OperationGroup.objects.none()
if accounts: if accounts:
opegroups = opegroups.filter(on_acc_id__in=accounts) opegroups = opegroups.filter(on_acc_id__in=accounts)
# Un non-membre de l'équipe n'a que accès à son historique
if not request.user.has_perm('kfet.is_team'):
opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)
# Construction de la réponse # Construction de la réponse
related_data = defaultdict(list) related_data = defaultdict(list)