Create a mechanism for filtering put details, and now users can change their own passwords but not rename themselves, etc.

2026-02-01 01:28:09 -03:30 · 2013-03-24 12:36:42 -04:00
parent a071ff65e4
commit aa2915a151
6 changed files with 189 additions and 30 deletions
--- a/lib/main/rbac.py
+++ b/lib/main/rbac.py
@@ -60,8 +60,12 @@ class CustomRbac(permissions.BasePermission):
            return True
        if not self._common_user_check(request):
            return False
-        if not obj.active:
-            raise Http404()
+        if type(obj) == User:
+            if not obj.is_active:
+                raise Http404()
+        else:
+            if not obj.active:
+                raise Http404()
        if not view.item_permissions_check(request, obj):
            raise PermissionDenied()
        return True