From 0ac417c52c268a9609c31ba16b8cee0b1914d6bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Wed, 3 May 2023 11:39:43 +0200
Subject: [PATCH] fix object based permissions
---
contracts/admin.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/contracts/admin.py b/contracts/admin.py
index d80d314..a4d1a21 100644
--- a/contracts/admin.py
+++ b/contracts/admin.py
@@ -260,14 +260,14 @@ class ContractAdmin(
if (
obj is None # Creating confidential data, creator will be request.user
or obj.created_by == request.user
- or request.user.has_perm("view_confidential", obj)
+ or request.user.has_perm("view_confidential")
):
fieldsets[0][1]["fields"].insert(
fieldsets[0][1]["fields"].index("is_public") + 1,
"publishing_rejection_comment",
)
- if obj is not None and request.user.has_perm("approve", obj):
+ if obj is not None and request.user.has_perm("approve"):
fieldsets.insert(
5,
("Schválení", {"fields": ["is_approved"]}),
@@ -337,7 +337,7 @@ class ContractAdmin(
if (
obj is not None
and obj.is_approved
- and not request.user.has_perm("contracts.edit_when_approved", obj)
+ and not request.user.has_perm("contracts.edit_when_approved")
):
return False
@@ -347,7 +347,7 @@ class ContractAdmin(
if (
obj is not None
and obj.is_approved
- and not request.user.has_perm("contracts.delete_when_approved", obj)
+ and not request.user.has_perm("contracts.delete_when_approved")
):
return False
@@ -456,7 +456,7 @@ class SigneeAdmin(OwnPermissionsMixin, MarkdownxGuardedModelAdmin):
if (
obj is None # Creating
or obj.entity_has_public_address
- or request.user.has_perm("contracts.view_confidential", obj)
+ or request.user.has_perm("contracts.view_confidential")
):
entity_type_index = fields.index("entity_type") + 1
--
GitLab