FIX: setup permission check based on group membership.

former permission check, based on django model permission won't work, because we have no model, that would create the permission.
2019-11-08 11:17:25 +01:00
parent 8bd936d2ca
commit 96ad5b30d4
3 changed files with 7 additions and 3 deletions
--- a/dav_submission/views.py
+++ b/dav_submission/views.py
@@ -82,7 +82,8 @@ class ListView(generic.ListView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not request.user.has_perm('download_submissions'):
+        permission_group = app_config.settings.download_group
+        if not request.user.groups.filter(name=permission_group).exists():
            raise PermissionDenied()
        return super(ListView, self).dispatch(request, *args, **kwargs)

@@ -130,7 +131,8 @@ class DownloadView(generic.DetailView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not request.user.has_perm('download_submissions'):
+        permission_group = app_config.settings.download_group
+        if not request.user.groups.filter(name=permission_group).exists():
            raise PermissionDenied()
        return super(DownloadView, self).dispatch(request, *args, **kwargs)