k-space/inventory-app
13
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Activity

Change visibility logic
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Madis Mägi
2025-01-26 00:00:34 +02:00
parent 48ad03f1a1
commit c7ae5e3065
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
inventory-app/inventory.py
View File

@@ -41,14 +41,11 @@ def view_inventory_view(item_id):
if not item: if not item:
return abort(404) return abort(404)
item_user = item.get("inventory", {}).get("user", {}).get("username", None) item_user = item.get("inventory", {}).get("user", {}).get("username", None)
item_owner = item.get("inventory", {}).get("owner", {}).get("username", None)
if not user: if not user:
if item["inventory"].get("visibility") not in ["public"]: if item["inventory"].get("visibility") not in ["public", "unlisted"]:
return do_login() return do_login()
template = "inventory_view_public.html" template = "inventory_view_public.html"
redirect_url = urllib.parse.quote_plus(request.full_path) redirect_url = urllib.parse.quote_plus(request.full_path)
elif item["inventory"].get("visibility") == "private" and item_owner != user["username"] and "k-space:inventory:edit" not in user.get("groups", []):
return abort(403)
else: else:
can_audit = "k-space:inventory:audit" in user.get("groups", []) can_audit = "k-space:inventory:audit" in user.get("groups", [])
can_edit = check_edit_permission(item_id) can_edit = check_edit_permission(item_id)