Some permissions fixs and security for atomic vote

2025-07-11 04:19:25 +00:00 · 2016-12-26 23:30:13 +01:00
parent 729659e358
commit 2f2d5292de
4 changed files with 34 additions and 16 deletions
--- a/election/models.py
+++ b/election/models.py
@ -128,7 +128,7 @@ class Candidature(models.Model):
    election_list = models.ForeignKey(ElectionList, related_name='candidatures', verbose_name=_('election list'))

    def can_be_edited_by(self, user):
-        return (user == self.user)
+        return (user == self.user) or user.can_edit(self.role.election)

    def __str__(self):
        return "%s : %s" % (self.role.title, self.user.username)