mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-26 07:47:17 +00:00
chg: [items] check obj invesigations acl
This commit is contained in:
parent
cb45e06ebc
commit
cbe09c87c4
2 changed files with 11 additions and 0 deletions
|
@ -125,6 +125,13 @@ class Investigation(object):
|
||||||
ail_orgs.remove_obj_to_org(self.get_org(), 'investigation', self.uuid)
|
ail_orgs.remove_obj_to_org(self.get_org(), 'investigation', self.uuid)
|
||||||
self.set_level(new_level, new_org_uuid)
|
self.set_level(new_level, new_org_uuid)
|
||||||
|
|
||||||
|
def check_level(self, user_org):
|
||||||
|
level = self.get_level()
|
||||||
|
if level == 1:
|
||||||
|
return True
|
||||||
|
elif level == 2:
|
||||||
|
return self.get_org() == user_org
|
||||||
|
|
||||||
## ORG ##
|
## ORG ##
|
||||||
|
|
||||||
def get_creator_org(self):
|
def get_creator_org(self):
|
||||||
|
|
|
@ -62,6 +62,7 @@ def screenshot(filename):
|
||||||
@login_required
|
@login_required
|
||||||
@login_read_only
|
@login_read_only
|
||||||
def showItem(): # # TODO: support post
|
def showItem(): # # TODO: support post
|
||||||
|
user_org = current_user.get_org()
|
||||||
item_id = request.args.get('id')
|
item_id = request.args.get('id')
|
||||||
if not item_id or not item_basic.exist_item(item_id):
|
if not item_id or not item_basic.exist_item(item_id):
|
||||||
abort(404)
|
abort(404)
|
||||||
|
@ -80,6 +81,9 @@ def showItem(): # # TODO: support post
|
||||||
invests = []
|
invests = []
|
||||||
for investigation_uuid in meta['investigations']:
|
for investigation_uuid in meta['investigations']:
|
||||||
inv = Investigations.Investigation(investigation_uuid)
|
inv = Investigations.Investigation(investigation_uuid)
|
||||||
|
if not inv.check_level(user_org):
|
||||||
|
continue
|
||||||
|
|
||||||
invests.append(inv.get_metadata(r_str=True))
|
invests.append(inv.get_metadata(r_str=True))
|
||||||
meta['investigations'] = invests
|
meta['investigations'] = invests
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in a new issue