Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Fukász Rómeó Ervin
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
91be5c4c
authored
Sep 24, 2014
by
Kálmán Viktor
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
dashboard: fix perm of profile view
parent
b63173e2
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
19 additions
and
0 deletions
+19
-0
circle/dashboard/views/user.py
+19
-0
No files found.
circle/dashboard/views/user.py
View file @
91be5c4c
...
...
@@ -285,6 +285,25 @@ class ProfileView(LoginRequiredMixin, DetailView):
slug_field
=
"username"
slug_url_kwarg
=
"username"
def
get
(
self
,
*
args
,
**
kwargs
):
user
=
self
.
request
.
user
target
=
self
.
get_object
()
# get the list of groups where the user is operator
user_g_w_op
=
GroupProfile
.
get_objects_with_level
(
"operator"
,
user
)
# get the list of groups the "target" (the profile) is member of
target_groups
=
GroupProfile
.
objects
.
filter
(
group__in
=
target
.
groups
.
all
())
intersection
=
set
(
user_g_w_op
)
.
intersection
(
target_groups
)
# if the intersection of the 2 lists is empty the logged in user
# has no permission to check the target's profile
# (except if the user want to see his own profile)
if
len
(
intersection
)
<
1
and
target
!=
user
:
raise
PermissionDenied
return
super
(
ProfileView
,
self
)
.
get
(
*
args
,
**
kwargs
)
def
get_context_data
(
self
,
**
kwargs
):
context
=
super
(
ProfileView
,
self
)
.
get_context_data
(
**
kwargs
)
user
=
self
.
get_object
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment