From 2f018f8c9dfbe007e4e628836a115ba081a5d1fb Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 2 Aug 2020 08:57:16 +0200 Subject: [PATCH] Always query distinct objects --- apps/member/views.py | 2 +- apps/note/views.py | 8 ++++++-- apps/permission/views.py | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index d065b2b6..30fbb139 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -131,7 +131,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): """ We can't display information of a not registered user. """ - return super().get_queryset().filter(profile__registration_valid=True).distinct() + return super().get_queryset().filter(profile__registration_valid=True) def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) diff --git a/apps/note/views.py b/apps/note/views.py index 61b86e92..ef9da668 100644 --- a/apps/note/views.py +++ b/apps/note/views.py @@ -33,7 +33,9 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl extra_context = {"title": _("Transfer money")} def get_queryset(self, **kwargs): - return super().get_queryset(**kwargs).order_by("-created_at").all()[:20] + return Transaction.objects.filter( + PermissionBackend.filter_queryset(self.request.user, Transaction, "view") + ).order_by("-created_at").all()[:20] def get_context_data(self, **kwargs): """ @@ -139,7 +141,9 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): table_class = HistoryTable def get_queryset(self, **kwargs): - return super().get_queryset(**kwargs).order_by("-created_at")[:20] + return Transaction.objects.filter( + PermissionBackend.filter_queryset(self.request.user, Transaction, "view") + ).order_by("-created_at").all()[:20] def get_context_data(self, **kwargs): """ diff --git a/apps/permission/views.py b/apps/permission/views.py index 83deddac..9132e5f0 100644 --- a/apps/permission/views.py +++ b/apps/permission/views.py @@ -20,7 +20,7 @@ class ProtectQuerysetMixin: """ def get_queryset(self, **kwargs): qs = super().get_queryset(**kwargs) - return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view")) + return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view")).distinct() def get_form(self, form_class=None): form = super().get_form(form_class)