Permissions for activities must be more specific to prevent that anyone can validate its own activity

This commit is contained in:
Yohann D'ANELLO 2020-08-15 22:24:48 +02:00
parent 5f8c4a2857
commit 5abbb84254
1 changed files with 146 additions and 20 deletions

View File

@ -551,22 +551,6 @@
"description": "Voir toutes les activités valides" "description": "Voir toutes les activités valides"
} }
}, },
{
"model": "permission.permission",
"pk": 35,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "",
"permanent": false,
"description": "Modifier les activités non validées dont on est l'auteur"
}
},
{ {
"model": "permission.permission", "model": "permission.permission",
"pk": 36, "pk": 36,
@ -2375,6 +2359,134 @@
"description": "Supprimer une facture" "description": "Supprimer une facture"
} }
}, },
{
"model": "permission.permission",
"pk": 152,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "name",
"permanent": false,
"description": "Modifier le nom d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 153,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "description",
"permanent": false,
"description": "Modifier la description d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 154,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "location",
"permanent": false,
"description": "Modifier le lieu d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 155,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "activity_type",
"permanent": false,
"description": "Modifier le type d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 156,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "organizer",
"mask": 1,
"field": "name",
"permanent": false,
"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 157,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "attendees_club",
"permanent": false,
"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 158,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "date_start",
"permanent": false,
"description": "Modifier la date de début d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 159,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "date_end",
"permanent": false,
"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur"
}
},
{ {
"model": "permission.role", "model": "permission.role",
"pk": 1, "pk": 1,
@ -2409,7 +2521,6 @@
"name": "Adh\u00e9rent Kfet", "name": "Adh\u00e9rent Kfet",
"permissions": [ "permissions": [
34, 34,
35,
36, 36,
6, 6,
39, 39,
@ -2431,7 +2542,15 @@
101, 101,
108, 108,
109, 109,
144 144,
152,
153,
154,
155,
156,
157,
158,
159
] ]
} }
}, },
@ -2600,7 +2719,6 @@
32, 32,
33, 33,
34, 34,
35,
36, 36,
37, 37,
38, 38,
@ -2713,7 +2831,15 @@
148, 148,
149, 149,
150, 150,
151 151,
152,
153,
154,
155,
156,
157,
158,
159
] ]
} }
}, },