Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Set default can_edit and can_move_page permissions to user.is_staff t…

…o prevent unnecessary leakage of sensitive data to non-staff users
  • Loading branch information...
commit f319badc53a2c2f4c663aae6843047c1b736794d 1 parent 293c43f
Dennis Bunskoek dbunskoek authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 fiber/permissions.py
4 fiber/permissions.py
View
@@ -33,13 +33,13 @@ def can_edit(self, user, obj):
"""
Should return :const:`True` if user is allowed to edit `obj`.
"""
- return True
+ return user.is_staff
def can_move_page(self, user, page):
"""
Should return :const:`True` if user is allowed to move page.
"""
- return True
+ return user.is_staff
def object_created(self, user, obj):
"""
Please sign in to comment.
Something went wrong with that request. Please try again.