Bug dans les checks d'acl : suppression de droits et gestion sur profil

8 years ago · 836d68fb7e
2 changed files with 5 additions and 5 deletions
--- a/re2o/acl.py
+++ b/re2o/acl.py
@ -78,8 +78,8 @@ def can_edit(model, *field_list):
                    kwargs={'userid':str(request.user.id)}
                ))
            for field in field_list:
-                can_create = getattr(model, 'can_change_' + field)
-                can, msg = can_create(instance, request.user, *args, **kwargs)
+                can_change = getattr(model, 'can_change_' + field)
+                can, msg = can_change(request.user, *args, **kwargs)
                if not can:
                    messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
                    return redirect(reverse('users:profil',
@ -97,8 +97,8 @@ def can_change(model, *field_list):
    def decorator(view):
        def wrapper(request, *args, **kwargs):
            for field in field_list:
-                can_create = getattr(model, 'can_change_' + field)
-                can, msg = can_create(request.user, *args, **kwargs)
+                can_change = getattr(model, 'can_change_' + field)
+                can, msg = can_change(request.user, *args, **kwargs)
                if not can:
                    messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
                    return redirect(reverse('users:profil',
--- a/users/views.py
+++ b/users/views.py
@ -274,7 +274,7 @@ def password(request, user, userid):


@login_required
-@can_edit(User)
+@can_edit(User, 'groups')
 def del_group(request, user, userid, listrightid):
    with transaction.atomic(), reversion.create_revision():
        user.groups.remove(ListRight.objects.get(id=listrightid))