From 9f1ae7f9b3fab995748ead2549b77d4d0605521f Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Tue, 11 Jan 2022 16:01:54 +0100 Subject: hide user from data request if not approved --- server/views.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'server') diff --git a/server/views.py b/server/views.py index 0e032f0..c91db1e 100644 --- a/server/views.py +++ b/server/views.py @@ -1472,11 +1472,13 @@ def data_request(request): if "request" not in request.POST.keys(): context["error"] = "Selezionare una richesta" elif request.POST["request"] == "email_all": - users_email = User.objects.filter(groups__name=parent_group).values_list("email", flat=True) + perm = Permission.objects.get(codename="approved") + users_email = User.objects.filter(groups__name=parent_group, user_permissions=perm).values_list("email", flat=True) data = ", ".join(users_email) context["data"] = data elif request.POST["request"] == "email_non_staff": - users_email = User.objects.filter(groups__name=parent_group).exclude(groups__name="capi").values_list("email", flat=True) + perm = Permission.objects.get(codename="approved") + users_email = User.objects.filter(groups__name=parent_group, user_permission=perm).exclude(groups__name="capi").values_list("email", flat=True) data = ", ".join(users_email) context["data"] = data elif request.POST["request"] == "data_user": -- cgit v1.2.1