|
|
@ -98,7 +98,13 @@ from re2o.utils import ( |
|
|
all_active_interfaces_count, |
|
|
all_active_interfaces_count, |
|
|
) |
|
|
) |
|
|
from re2o.base import re2o_paginator, SortTable |
|
|
from re2o.base import re2o_paginator, SortTable |
|
|
from re2o.acl import can_view_all, can_view_app, can_edit_history, can_view |
|
|
from re2o.acl import ( |
|
|
|
|
|
can_view_all, |
|
|
|
|
|
can_view_app, |
|
|
|
|
|
can_edit_history, |
|
|
|
|
|
can_view, |
|
|
|
|
|
acl_error_message, |
|
|
|
|
|
) |
|
|
|
|
|
|
|
|
from .models import ( |
|
|
from .models import ( |
|
|
ActionsSearch, |
|
|
ActionsSearch, |
|
|
@ -109,6 +115,8 @@ from .models import ( |
|
|
|
|
|
|
|
|
from .forms import ActionsSearchForm, MachineHistorySearchForm |
|
|
from .forms import ActionsSearchForm, MachineHistorySearchForm |
|
|
|
|
|
|
|
|
|
|
|
from .acl import can_view as can_view_logs |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@login_required |
|
|
@login_required |
|
|
@can_view_app("logs") |
|
|
@can_view_app("logs") |
|
|
@ -536,12 +544,11 @@ def get_history_object(request, model, object_name, object_id): |
|
|
instance = None |
|
|
instance = None |
|
|
|
|
|
|
|
|
if instance is None: |
|
|
if instance is None: |
|
|
# TODO : THIS IS A DECORATOR, YOU CANNOT USE IT LIKE THIS. AS IT, IT |
|
|
authorized, msg, permissions = can_view_logs(request.user) |
|
|
# WILL ALLOW ANYONE TO SEE THE HISTORY OF A DELETED OBJECT. |
|
|
|
|
|
authorized = can_view_app("logs") |
|
|
|
|
|
msg = None |
|
|
|
|
|
else: |
|
|
else: |
|
|
authorized, msg, _permissions = instance.can_view(request.user) |
|
|
authorized, msg, permissions = instance.can_view(request.user) |
|
|
|
|
|
|
|
|
|
|
|
msg = acl_error_message(msg, permissions) |
|
|
|
|
|
|
|
|
if not authorized: |
|
|
if not authorized: |
|
|
messages.error( |
|
|
messages.error( |
|
|
|
Hugo Levy-Falk
5 years ago
klafyvel