k-space/inventory-app
13
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Activity

Fix edit permissions check
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Madis Mägi
2024-07-27 23:27:39 +03:00
parent fb4470fcde
commit 1e0f81fbb3
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
inventory-app/inventory.py
View File

@@ -143,13 +143,13 @@ def check_edit_permission(item_id):
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 }) item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 })
if not item: if not item:
return False return False
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
user_username = user.get("username", False)
user_groups = user.get("groups", []) user_groups = user.get("groups", [])
if not item_username or not user_username:
return False
if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]): if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]):
return True return True
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
user_username = user.get("username", False)
if not item_username or not user_username:
return False
return item_username == user_username return item_username == user_username
@page_inventory.route("/m/inventory/<item_id>/edit", methods=['GET']) @page_inventory.route("/m/inventory/<item_id>/edit", methods=['GET'])