From b2a5dfd68269469a6eadb93325ff1738d2b5b7f4 Mon Sep 17 00:00:00 2001
From: Ludovic Stephan
Date: Fri, 14 Apr 2017 12:51:58 -0300
Subject: [PATCH] Move permission check
---
 kfet/views.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kfet/views.py b/kfet/views.py
index ca6cab8d..16fdc44c 100644
--- a/kfet/views.py
+++ b/kfet/views.py
@@ -1470,6 +1470,10 @@ def history_json(request):
 accounts = request.GET.getlist('accounts[]', None)
 transfers_only = request.GET.get('transfersonly', None)
+ # Un non-membre de l'équipe n'a que accès à son historique
+ if not request.user.has_perm('kfet.is_team'):
+ accounts = [request.user.profile.account]
+
 # Construction de la requête (sur les opérations) pour le prefetch
 ope_queryset_prefetch = Operation.objects.select_related(
 'canceled_by', 'addcost_for',
@@ -1524,9 +1528,6 @@ def history_json(request):
 opegroups = OperationGroup.objects.none()
 if accounts:
 opegroups = opegroups.filter(on_acc_id__in=accounts)
- # Un non-membre de l'équipe n'a que accès à son historique
- if not request.user.has_perm('kfet.is_team'):
- opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)
 # Construction de la réponse
 related_data = defaultdict(list)
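Review bot: The added override in the first hunk reads `request.user.profile.account`, while the check it replaces (removed in the second hunk) read `request.user.profile.account_kfet`; the commit message only says the check was moved, so confirm the rename is intended, since a wrong attribute here either raises for every non-team user or scopes the history to the wrong object. The restriction now also holds only where later code filters on `accounts`, and the part of history_json between the two hunks is not visible here, so check that every queryset feeding the response (transfers included, if they are built there) applies it. `accounts` is later used as `on_acc_id__in=accounts`, so passing the key rather than the instance would be clearer, e.g. `accounts = [request.user.profile.account_kfet.pk]` if that is the right attribute. A test that a non-team user requesting another account's `accounts[]` value gets only their own history would pin this down.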