From 5f309f54798b1a7a0fe6ef8060a8c9a77b3b6d04 Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Sat, 14 Aug 2021 11:38:40 +0200 Subject: fix RO documents visible for non group capi --- client/views.py | 9 ++++----- server/views.py | 8 +++++--- version.txt | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/client/views.py b/client/views.py index 73a252a..d18c074 100644 --- a/client/views.py +++ b/client/views.py @@ -41,15 +41,14 @@ def index(request): context = {"user_code": user_code} else: # get user group - group = request.user.groups.values_list('name', flat=True)[0] + groups = request.user.groups.values_list('name', flat=True) + group = groups[0] # get group settings settings = GroupSettings.objects.filter(group__name=group) - # check if settings exists - if len(settings) == 0: - group_view = False - else: + # check if settings exists and user is in group capi + if len(settings) != 0 and "capi" in groups: # set settings value group_view = settings[0].view_documents diff --git a/server/views.py b/server/views.py index 1cf3ac7..244bf60 100644 --- a/server/views.py +++ b/server/views.py @@ -40,11 +40,13 @@ def isStaff(user): # function to check if "aggiunto" has permission to view documents def isCapi_enabled(user): - group = user.groups.values_list('name', flat=True)[0] + groups = user.groups.values_list('name', flat=True) + group = groups[0] settings = GroupSettings.objects.filter(group__name=group) - if len(settings) == 0: + if len(settings) != 0 and "capi" in groups: + return settings[0].view_documents + else: return False - return settings[0].view_documents @user_passes_test(isStaff) def index(request): diff --git a/version.txt b/version.txt index 8bdde2f..8e2a6b5 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.3 -rev=1 +rev=2 -- cgit v1.2.1