taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Now users have better permissions management

remotes/origin/enhancement/email-actions
Jesús Espino 2014-03-26 14:22:10 +01:00
parent b3989298d4
commit 56df0634d6
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
taiga/base/users/api.py
View File

@ -29,9 +29,15 @@ class MembersFilterBackend(BaseFilterBackend):
if project_id:
Project = get_model('projects', 'Project')
project = get_object_or_404(Project, pk=project_id)
return queryset.filter(Q(memberships__project=project) | Q(id=project.owner.id)).distinct()
if project.memberships.filter(user=request.user).exists() or project.owner ==request.user:
return queryset.filter(Q(memberships__project=project) | Q(id=project.owner.id)).distinct()
else:
raise exc.PermissionDenied(_("You don't have permisions to see this project users."))
else:
return queryset
if request.user.is_superuser:
return queryset
else:
raise exc.PermissionDenied(_("You don't have permisions to see all users."))
class PermissionsViewSet(ModelListViewSet):
permission_classes = (IsAuthenticated,)