klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2024-11-21 21:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix permissions on download pictures feature

Browse Source
This commit is contained in:
Antoine Bartuccio 2022-08-09 18:11:20 +02:00
parent 6e77edcf67
commit 7c4c1bc387
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/views/sas.py
View File

@ -6,7 +6,7 @@ from rest_framework.renderers import JSONRenderer
from rest_framework.request import Request
from rest_framework.response import Response
from core.views import can_edit_prop
from core.views import can_edit
from core.models import User
from sas.models import Picture
@ -24,7 +24,7 @@ def all_pictures_of_user(user: User) -> List[Picture]:
@renderer_classes((JSONRenderer,))
def all_pictures_of_user_endpoint(request: Request, user: int):
requested_user: User = get_object_or_404(User, pk=user)
if not can_edit_prop(requested_user, request.user):
if not can_edit(requested_user, request.user):
raise PermissionDenied
return Response(

4
core/templates/core/user_pictures.jinja
View File

@ -5,7 +5,9 @@
{% endblock %}
{% block content %}
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
{% if can_edit(profile, user) %}
<button id="download_all_pictures", onclick=download_pictures()>{% trans %}Download all my pictures{% endtrans %}</button>
{% endif %}
{% for a in albums %}
<div style="padding: 10px">
<h4>{{ a.name }}</h4>