mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 14:13:21 +00:00
Better protection for stats
This commit is contained in:
parent
a078bae260
commit
8787e5e708
@ -265,7 +265,13 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
|
||||
def dispatch(self, request, *arg, **kwargs):
|
||||
profile = self.get_object()
|
||||
|
||||
if (profile != request.user and not request.user.is_root):
|
||||
if not hasattr(profile, "customer"):
|
||||
raise Http404
|
||||
|
||||
if not (profile == request.user
|
||||
or request.user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
|
||||
or request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
|
||||
or request.user.is_root):
|
||||
raise PermissionDenied
|
||||
|
||||
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
|
||||
|
Loading…
Reference in New Issue
Block a user