From 9f1ae7f9b3fab995748ead2549b77d4d0605521f Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Tue, 11 Jan 2022 16:01:54 +0100 Subject: hide user from data request if not approved --- server/views.py | 6 ++++-- version.txt | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/server/views.py b/server/views.py index 0e032f0..c91db1e 100644 --- a/server/views.py +++ b/server/views.py @@ -1472,11 +1472,13 @@ def data_request(request): if "request" not in request.POST.keys(): context["error"] = "Selezionare una richesta" elif request.POST["request"] == "email_all": - users_email = User.objects.filter(groups__name=parent_group).values_list("email", flat=True) + perm = Permission.objects.get(codename="approved") + users_email = User.objects.filter(groups__name=parent_group, user_permissions=perm).values_list("email", flat=True) data = ", ".join(users_email) context["data"] = data elif request.POST["request"] == "email_non_staff": - users_email = User.objects.filter(groups__name=parent_group).exclude(groups__name="capi").values_list("email", flat=True) + perm = Permission.objects.get(codename="approved") + users_email = User.objects.filter(groups__name=parent_group, user_permission=perm).exclude(groups__name="capi").values_list("email", flat=True) data = ", ".join(users_email) context["data"] = data elif request.POST["request"] == "data_user": diff --git a/version.txt b/version.txt index b58ad09..38b0958 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.4 -rev=28 +rev=29 -- cgit v1.2.1