git://git.onelab.eu
/
plstackapi.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
5085ebf
)
raise PermissionDenied if someone tries to save an object without can_update rights
author
Scott Baker
<smbaker@gmail.com>
Fri, 3 Oct 2014 05:50:18 +0000
(22:50 -0700)
committer
Scott Baker
<smbaker@gmail.com>
Fri, 3 Oct 2014 05:50:18 +0000
(22:50 -0700)
planetstack/core/models/plcorebase.py
patch
|
blob
|
history
diff --git
a/planetstack/core/models/plcorebase.py
b/planetstack/core/models/plcorebase.py
index
8d657a7
..
b9692c6
100644
(file)
--- a/
planetstack/core/models/plcorebase.py
+++ b/
planetstack/core/models/plcorebase.py
@@
-5,6
+5,7
@@
from django.forms.models import model_to_dict
from django.core.urlresolvers import reverse
from django.forms.models import model_to_dict
from django.utils import timezone
from django.core.urlresolvers import reverse
from django.forms.models import model_to_dict
from django.utils import timezone
+from django.core.exceptions import PermissionDenied
import model_policy
try:
import model_policy
try:
@@
-128,12
+129,14
@@
class PlCoreBase(models.Model):
self.__initial = self._dict
def save_by_user(self, user, *args, **kwds):
self.__initial = self._dict
def save_by_user(self, user, *args, **kwds):
- if self.can_update(user):
- self.save(*args, **kwds)
+ if not self.can_update(user):
+ raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+ self.save(*args, **kwds)
def delete_by_user(self, user, *args, **kwds):
def delete_by_user(self, user, *args, **kwds):
- if self.can_update(user):
- self.delete(*args, **kwds)
+ if not self.can_update(user):
+ raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+ self.delete(*args, **kwds)
@property
def _dict(self):
@property
def _dict(self):