mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-21 21:53:30 +00:00
Fix permissions on download pictures feature
This commit is contained in:
parent
6e77edcf67
commit
7c4c1bc387
@ -6,7 +6,7 @@ from rest_framework.renderers import JSONRenderer
|
|||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
|
|
||||||
from core.views import can_edit_prop
|
from core.views import can_edit
|
||||||
from core.models import User
|
from core.models import User
|
||||||
from sas.models import Picture
|
from sas.models import Picture
|
||||||
|
|
||||||
@ -24,7 +24,7 @@ def all_pictures_of_user(user: User) -> List[Picture]:
|
|||||||
@renderer_classes((JSONRenderer,))
|
@renderer_classes((JSONRenderer,))
|
||||||
def all_pictures_of_user_endpoint(request: Request, user: int):
|
def all_pictures_of_user_endpoint(request: Request, user: int):
|
||||||
requested_user: User = get_object_or_404(User, pk=user)
|
requested_user: User = get_object_or_404(User, pk=user)
|
||||||
if not can_edit_prop(requested_user, request.user):
|
if not can_edit(requested_user, request.user):
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
|
|
||||||
return Response(
|
return Response(
|
||||||
|
@ -5,7 +5,9 @@
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
|
{% if can_edit(profile, user) %}
|
||||||
|
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
|
||||||
|
{% endif %}
|
||||||
{% for a in albums %}
|
{% for a in albums %}
|
||||||
<div style="padding: 10px">
|
<div style="padding: 10px">
|
||||||
<h4>{{ a.name }}</h4>
|
<h4>{{ a.name }}</h4>
|
||||||
|
Loading…
Reference in New Issue
Block a user