klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith3.git synced 2024-07-01 10:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix' into 'master'

Browse Source 
Better protection for stats

See merge request !58
This commit is contained in:
Skia 2017-03-28 15:58:30 +02:00
commit 33e4cd6ca4
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/views/user.py
View File

@ -265,7 +265,13 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *arg, **kwargs):
profile = self.get_object()
if (profile != request.user and not request.user.is_root):
if not hasattr(profile, "customer"):
raise Http404
if not (profile == request.user
or request.user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
or request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
or request.user.is_root):
raise PermissionDenied
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)