Fix edit permissions check
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
parent
fb4470fcde
commit
1e0f81fbb3
@ -143,13 +143,13 @@ def check_edit_permission(item_id):
|
|||||||
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 })
|
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 })
|
||||||
if not item:
|
if not item:
|
||||||
return False
|
return False
|
||||||
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
|
|
||||||
user_username = user.get("username", False)
|
|
||||||
user_groups = user.get("groups", [])
|
user_groups = user.get("groups", [])
|
||||||
if not item_username or not user_username:
|
|
||||||
return False
|
|
||||||
if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]):
|
if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]):
|
||||||
return True
|
return True
|
||||||
|
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
|
||||||
|
user_username = user.get("username", False)
|
||||||
|
if not item_username or not user_username:
|
||||||
|
return False
|
||||||
return item_username == user_username
|
return item_username == user_username
|
||||||
|
|
||||||
@page_inventory.route("/m/inventory/<item_id>/edit", methods=['GET'])
|
@page_inventory.route("/m/inventory/<item_id>/edit", methods=['GET'])
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user