From 9f1ae7f9b3fab995748ead2549b77d4d0605521f Mon Sep 17 00:00:00 2001
From: Andrea Lepori <alepori@student.ethz.ch>
Date: Tue, 11 Jan 2022 16:01:54 +0100
Subject: hide user from data request if not approved

---
 server/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'server/views.py')

diff --git a/server/views.py b/server/views.py
index 0e032f0..c91db1e 100644
--- a/server/views.py
+++ b/server/views.py
@@ -1472,11 +1472,13 @@ def data_request(request):
         if "request" not in request.POST.keys():
             context["error"] = "Selezionare una richesta"
         elif request.POST["request"] == "email_all":
-            users_email = User.objects.filter(groups__name=parent_group).values_list("email", flat=True)
+            perm = Permission.objects.get(codename="approved")
+            users_email = User.objects.filter(groups__name=parent_group, user_permissions=perm).values_list("email", flat=True)
             data = ", ".join(users_email)
             context["data"] = data
         elif request.POST["request"] == "email_non_staff":
-            users_email = User.objects.filter(groups__name=parent_group).exclude(groups__name="capi").values_list("email", flat=True)
+            perm = Permission.objects.get(codename="approved")
+            users_email = User.objects.filter(groups__name=parent_group, user_permission=perm).exclude(groups__name="capi").values_list("email", flat=True)
             data = ", ".join(users_email)
             context["data"] = data
         elif request.POST["request"] == "data_user":
-- 
cgit v1.2.1