forked from wagtail/wagtail
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve filtering of audit logging based on the user's permissions
Until now, a user could see the audit log for all (!) custom models; permissions haven't been checked yet. This may disclose sensitive information to unauthorized admin users. Now, only log entries of those content types are displayed, where the user has at least one permission.

This change also fixes an issue with the log entries for pages: If the user only had access to specific parts of the sitetree, the audit log still contained all entries of the ancestor pages which the user actually couldn't view/edit. For this, parts of the UserPagePermissionsProxy's explorable_pages() have been extracted into a new viewable_pages() method.

Fixes wagtail#9181
Showing 4 changed files with 144 additions and 20 deletions.
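A simplified model of the two checks the commit message describes, added here as an illustration; it is not Wagtail's code and not part of this commit. The content-type strings, slash-separated page paths, sample log and all function names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LogEntry:
    content_type: str                 # "app_label.model" (constructed)
    label: str
    page_path: Optional[str] = None   # set only for page log entries


def is_viewable(path, roots):
    """True when path is a permission root or lies below one."""
    return any(path == r or path.startswith(r + "/") for r in roots)


def is_explorable(path, roots):
    """Viewable pages plus the ancestors needed to navigate down to them."""
    return is_viewable(path, roots) or any(r.startswith(path + "/") for r in roots)


def visible_entries(entries, perms_by_type, page_roots):
    """Keep only the log entries this user is allowed to read."""
    visible = []
    for entry in entries:
        if entry.page_path is not None:
            # Pages: filter on viewable, not explorable, so that entries for
            # ancestor pages outside the user's subtree are dropped.
            if is_viewable(entry.page_path, page_roots):
                visible.append(entry)
        elif perms_by_type.get(entry.content_type):
            # Other models: at least one permission on that content type.
            visible.append(entry)
    return visible


# Constructed sample data: an editor limited to /home/blog with one
# permission on shop.order and none on hr.salary.
SAMPLE_LOG = [
    LogEntry("wagtailcore.page", "home edited", "/home"),
    LogEntry("wagtailcore.page", "blog edited", "/home/blog"),
    LogEntry("wagtailcore.page", "post edited", "/home/blog/post-1"),
    LogEntry("wagtailcore.page", "blogroll edited", "/home/blogroll"),
    LogEntry("shop.order", "order changed"),
    LogEntry("hr.salary", "salary changed"),
]
PERMS_BY_TYPE = {"shop.order": {"view_order"}, "hr.salary": set()}
PAGE_ROOTS = ["/home/blog"]

if __name__ == "__main__":
    for e in visible_entries(SAMPLE_LOG, PERMS_BY_TYPE, PAGE_ROOTS):
        print(e.label)
```

Filtering pages with `is_explorable` instead would let the "home edited" entry through, which is the ancestor-page disclosure the commit message describes.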