k-space/inventory-app
13
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Activity

Handle private visibility in item view
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Madis Mägi
2025-01-20 23:31:33 +02:00
parent f322ba842c
commit 3b9e52199f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
inventory-app/inventory.py
View File

@@ -41,11 +41,14 @@ def view_inventory_view(item_id):
if not item: if not item:
return abort(404) return abort(404)
item_user = item.get("inventory", {}).get("user", {}).get("username", None) item_user = item.get("inventory", {}).get("user", {}).get("username", None)
item_owner = item.get("inventory", {}).get("owner", {}).get("username", None)
if not user: if not user:
if item["inventory"].get("visibility") not in ["public"]: if item["inventory"].get("visibility") not in ["public"]:
return do_login() return do_login()
template = "inventory_view_public.html" template = "inventory_view_public.html"
redirect_url = urllib.parse.quote_plus(request.full_path) redirect_url = urllib.parse.quote_plus(request.full_path)
elif item["inventory"].get("visibility") == "private" and item_owner != user["username"] and "k-space:inventory:edit" not in user.get("groups", []):
return abort(403)
else: else:
can_audit = "k-space:inventory:audit" in user.get("groups", []) can_audit = "k-space:inventory:audit" in user.get("groups", [])
can_edit = check_edit_permission(item_id) can_edit = check_edit_permission(item_id)