mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-27 02:43:01 +00:00
no need to be static after all
This commit is contained in:
parent
d4b8d35206
commit
8ab142c122
@ -89,7 +89,6 @@ class PermissionBackend(ModelBackend):
|
|||||||
query = query | perm.query
|
query = query | perm.query
|
||||||
return query
|
return query
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def has_perm(self, user_obj, perm, obj=None):
|
def has_perm(self, user_obj, perm, obj=None):
|
||||||
if user_obj is None or isinstance(user_obj, AnonymousUser):
|
if user_obj is None or isinstance(user_obj, AnonymousUser):
|
||||||
return False
|
return False
|
||||||
|
@ -42,7 +42,7 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):
|
|||||||
|
|
||||||
perms = self.get_required_object_permissions(request.method, model_cls)
|
perms = self.get_required_object_permissions(request.method, model_cls)
|
||||||
# if not user.has_perms(perms, obj):
|
# if not user.has_perms(perms, obj):
|
||||||
if not all(PermissionBackend.has_perm(user, perm, obj) for perm in perms):
|
if not all(PermissionBackend().has_perm(user, perm, obj) for perm in perms):
|
||||||
# If the user does not have permissions we need to determine if
|
# If the user does not have permissions we need to determine if
|
||||||
# they have read permissions to see 403, or not, and simply see
|
# they have read permissions to see 403, or not, and simply see
|
||||||
# a 404 response.
|
# a 404 response.
|
||||||
|
Loading…
Reference in New Issue
Block a user