mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 22:23:23 +00:00
Better protection for stats
This commit is contained in:
parent
a078bae260
commit
8787e5e708
@ -265,7 +265,13 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
|
|||||||
def dispatch(self, request, *arg, **kwargs):
|
def dispatch(self, request, *arg, **kwargs):
|
||||||
profile = self.get_object()
|
profile = self.get_object()
|
||||||
|
|
||||||
if (profile != request.user and not request.user.is_root):
|
if not hasattr(profile, "customer"):
|
||||||
|
raise Http404
|
||||||
|
|
||||||
|
if not (profile == request.user
|
||||||
|
or request.user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
|
||||||
|
or request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
|
||||||
|
or request.user.is_root):
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
|
|
||||||
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
|
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
|
||||||
|
Loading…
Reference in New Issue
Block a user