Merge branch 'master' into 'tresorerie'

# Conflicts: # apps/note/fixtures/initial.json # templates/base.html
2025-06-28 20:33:00 +02:00 · 2020-03-25 00:30:14 +01:00
parent 075cb1b592 0ac94547d1
commit 57a01c48a8
12 changed files with 167 additions and 60 deletions
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -650,4 +650,4 @@
      ]
    }
  }
-]
+]
--- a/apps/permission/permissions.py
+++ b/apps/permission/permissions.py
@ -2,6 +2,7 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from rest_framework.permissions import DjangoObjectPermissions
+from .backends import PermissionBackend

 SAFE_METHODS = ('HEAD', 'OPTIONS', )

@ -41,8 +42,8 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):
        user = request.user

        perms = self.get_required_object_permissions(request.method, model_cls)
-
-        if not user.has_perms(perms, obj):
+        # if not user.has_perms(perms, obj):
+        if not all(PermissionBackend().has_perm(user, perm, obj) for perm in perms):
            # If the user does not have permissions we need to determine if
            # they have read permissions to see 403, or not, and simply see
            # a 404 response.