Permalink
Browse files

#MC-364 Add Work Development 10m adds Admin artefact access to user w…

…ith artefacts.change_artefact permission

- adds Admin artefact access to user with  artefacts.change_artefact permission not only to django superuser.
  (for use by members of Micorr Admin group)
  • Loading branch information...
bletourmy committed Nov 21, 2018
1 parent 8b9b871 commit d93d66f605379949483a1dc9e909cb8bb50287fc
Showing with 2 additions and 2 deletions.
  1. +2 −2 micorr/artefacts/views.py
@@ -525,7 +525,7 @@ def isArtefactOfConnectedUser(request, artefact_id):
def hasWriteRight(request, artefact_id, token_uuid):
has_write_right = False

if request.user.is_superuser or (isArtefactOfConnectedUser(request, artefact_id)) or (getTokenRightByUuid(token_uuid) == 'W'):
if request.user.is_superuser or request.user.has_perm('artefacts.change_artefact') or (isArtefactOfConnectedUser(request, artefact_id)) or (getTokenRightByUuid(token_uuid) == 'W'):
has_write_right = True
return has_write_right

@@ -536,7 +536,7 @@ def hasWriteRight(request, artefact_id, token_uuid):
# artefact was validated by a micorr admin
def hasReadRight(request, artefact_id, token_uuid):
has_write_right = False
if request.user.is_superuser or isArtefactOfConnectedUser(request, artefact_id) or getTokenRightByUuid(token_uuid) == 'R' or isValidatedById(artefact_id):
if request.user.is_superuser or request.user.has_perm('artefacts.change_artefact') or ('foo.view_bar')or isArtefactOfConnectedUser(request, artefact_id) or getTokenRightByUuid(token_uuid) == 'R' or isValidatedById(artefact_id):
has_write_right = True
return has_write_right

0 comments on commit d93d66f

Please sign in to comment.