fix permission for user deletion (#127)

Markos Gogoulos 2021-04-20 21:52:09 +03:00 committed by GitHub
parent 10f198fff3
commit 6a5c57f2b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 9 deletions


@ -24,7 +24,10 @@ class IsUserOrManager(permissions.BasePermission):
if is_mediacms_manager(request.user): if is_mediacms_manager(request.user):
return True return True
return obj.user == request.user if hasattr(obj, 'user'):
return obj.user == request.user
else:
return obj == request.user
class IsUserOrEditor(permissions.BasePermission): class IsUserOrEditor(permissions.BasePermission):
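Review bot: The manager shortcut at the top of this check returns True before the target object is looked at, so now that the permission also covers bare user objects (`return obj == request.user`), a manager appears able to act on any account, including one with higher privileges than their own. If this permission guards the user delete endpoint, as the commit title suggests, consider a guard ahead of the shortcut such as `if getattr(obj, 'is_superuser', False) and not request.user.is_superuser: return False`. The `hasattr(obj, 'user')` dispatch would also be clearer as an explicit type check on the user model, so an unrelated object without a `user` attribute is not silently compared to `request.user`. The enclosing method starts outside the hunk, so what `is_mediacms_manager` covers is not visible here.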


@ -15,7 +15,7 @@ MediaCMS.user = {
addComment: true, addComment: true,
deleteComment: {% if CAN_DELETE_COMMENTS %}true{% else %}false{% endif %}, deleteComment: {% if CAN_DELETE_COMMENTS %}true{% else %}false{% endif %},
editProfile: {% if CAN_EDIT %}true{% else %}false{% endif %}, editProfile: {% if CAN_EDIT %}true{% else %}false{% endif %},
deleteProfile: {% if CAN_DELETE_PROFILE %}true{% else %}false{% endif %}, deleteProfile: {% if CAN_DELETE %}true{% else %}false{% endif %},
manageMedia: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER or IS_MEDIACMS_EDITOR %}true{% else %}false{% endif %}, manageMedia: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER or IS_MEDIACMS_EDITOR %}true{% else %}false{% endif %},
manageUsers: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER %}true{% else %}false{% endif %}, manageUsers: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER %}true{% else %}false{% endif %},
manageComments: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER or IS_MEDIACMS_EDITOR %}true{% else %}false{% endif %}, manageComments: {% if IS_MEDIACMS_ADMIN or IS_MEDIACMS_MANAGER or IS_MEDIACMS_EDITOR %}true{% else %}false{% endif %},


@ -59,10 +59,10 @@ def view_user_media(request, username):
context["user"] = user context["user"] = user
context["CAN_EDIT"] = ( context["CAN_EDIT"] = (
True True
if ((user and user == request.user) or request.user.is_superuser) if ((user and user == request.user) or is_mediacms_manager(request.user))
else False else False
) )
context["CAN_DELETE"] = True if request.user.is_superuser else False context["CAN_DELETE"] = True if is_mediacms_manager(request.user) else False
context["SHOW_CONTACT_FORM"] = ( context["SHOW_CONTACT_FORM"] = (
True if (user.allow_contact or is_mediacms_editor(request.user)) else False True if (user.allow_contact or is_mediacms_editor(request.user)) else False
) )
@ -78,10 +78,10 @@ def view_user_playlists(request, username):
context["user"] = user context["user"] = user
context["CAN_EDIT"] = ( context["CAN_EDIT"] = (
True True
if ((user and user == request.user) or request.user.is_superuser) if ((user and user == request.user) or is_mediacms_manager(request.user))
else False else False
) )
context["CAN_DELETE"] = True if request.user.is_superuser else False context["CAN_DELETE"] = True if is_mediacms_manager(request.user) else False
context["SHOW_CONTACT_FORM"] = ( context["SHOW_CONTACT_FORM"] = (
True if (user.allow_contact or is_mediacms_editor(request.user)) else False True if (user.allow_contact or is_mediacms_editor(request.user)) else False
) )
@ -98,10 +98,10 @@ def view_user_about(request, username):
context["user"] = user context["user"] = user
context["CAN_EDIT"] = ( context["CAN_EDIT"] = (
True True
if ((user and user == request.user) or request.user.is_superuser) if ((user and user == request.user) or is_mediacms_manager(request.user))
else False else False
) )
context["CAN_DELETE"] = True if request.user.is_superuser else False context["CAN_DELETE"] = True if is_mediacms_manager(request.user) else False
context["SHOW_CONTACT_FORM"] = ( context["SHOW_CONTACT_FORM"] = (
True if (user.allow_contact or is_mediacms_editor(request.user)) else False True if (user.allow_contact or is_mediacms_editor(request.user)) else False
) )
@ -136,7 +136,7 @@ def view_channel(request, friendly_token):
context["user"] = user context["user"] = user
context["CAN_EDIT"] = ( context["CAN_EDIT"] = (
True True
if ((user and user == request.user) or request.user.is_superuser) if ((user and user == request.user) or is_mediacms_manager(request.user))
else False else False
) )
return render(request, "cms/channel.html", context) return render(request, "cms/channel.html", context)
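Review bot: `CAN_DELETE` is now true only for managers, while the permission class changed in this same commit also lets a user through when `obj == request.user`, so the UI flag and the server-side rule seem to disagree about self-deletion. These context flags only drive what the page shows; the permission class is the enforcement point, and it is worth deciding which of the two reflects the intended policy. The same `CAN_EDIT`/`CAN_DELETE` expressions are repeated in view_user_media, view_user_playlists and view_user_about (with `CAN_EDIT` again in view_channel), so a shared helper would keep them from drifting apart. If `is_mediacms_manager` returns a bool, the line can also be reduced to `context["CAN_DELETE"] = is_mediacms_manager(request.user)`. All four view functions start outside their hunks.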