mirror of
https://github.com/ae-utbm/sith.git
synced 2024-12-22 15:51:19 +00:00
Fix permissions on download pictures feature
This commit is contained in:
parent
6e77edcf67
commit
7c4c1bc387
@ -6,7 +6,7 @@ from rest_framework.renderers import JSONRenderer
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
|
||||
from core.views import can_edit_prop
|
||||
from core.views import can_edit
|
||||
from core.models import User
|
||||
from sas.models import Picture
|
||||
|
||||
@ -24,7 +24,7 @@ def all_pictures_of_user(user: User) -> List[Picture]:
|
||||
@renderer_classes((JSONRenderer,))
|
||||
def all_pictures_of_user_endpoint(request: Request, user: int):
|
||||
requested_user: User = get_object_or_404(User, pk=user)
|
||||
if not can_edit_prop(requested_user, request.user):
|
||||
if not can_edit(requested_user, request.user):
|
||||
raise PermissionDenied
|
||||
|
||||
return Response(
|
||||
|
@ -5,7 +5,9 @@
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
|
||||
{% if can_edit(profile, user) %}
|
||||
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
|
||||
{% endif %}
|
||||
{% for a in albums %}
|
||||
<div style="padding: 10px">
|
||||
<h4>{{ a.name }}</h4>
|
||||
|
Loading…
Reference in New Issue
Block a user