From 24d85d5086e305d7e4f7ea72185584d08de446f9 Mon Sep 17 00:00:00 2001
From: "M.Ravi"
Date: Tue, 12 Dec 2017 15:43:25 +0100
Subject: [PATCH] Check has_perm only for invoices
---
 hosting/views.py | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/hosting/views.py b/hosting/views.py
index 68f55433..2166f1dd 100644
--- a/hosting/views.py
+++ b/hosting/views.py
@@ -687,17 +687,6 @@ class OrdersHostingDetailView(LoginRequiredMixin,
 order_id=order_id
 ))
 hosting_order_obj = None
- if not self.request.user.has_perm(
- self.permission_required[0], hosting_order_obj
- ):
- logger.debug(
- "User {user} does not have permission on HostingOrder "
- "{order_id}. Raising 404 error now.".format(
- user=self.request.user.email,
- order_id=order_id if hosting_order_obj else 'None'
- )
- )
- raise Http404
 return hosting_order_obj
 def get_context_data(self, **kwargs):
@@ -718,6 +707,17 @@ class OrdersHostingDetailView(LoginRequiredMixin,
 context['page_header_text'] = _('Confirm Order')
 else:
 context['page_header_text'] = _('Invoice')
+ if not self.request.user.has_perm(
+ self.permission_required[0], obj
+ ):
+ logger.debug(
+ "User {user} does not have permission on HostingOrder "
+ "{order_id}. Raising 404 error now.".format(
+ user=self.request.user.email,
+ order_id=obj.id if obj else 'None'
+ )
+ )
+ raise Http404
 if obj is not None:
 # invoice for previous order
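Review bot: The object-level `has_perm` check now sits only in the invoice branch of `get_context_data` (the indentation is lost here, so its nesting under `else:` is inferred from the commit subject), which means the 'Confirm Order' branch falls through to `if obj is not None:` with an order that `get_object` returned unchecked. If the branch condition, which lies outside the hunk, depends on request data, a logged-in user could be shown an order they hold no permission on. Gate on the object rather than on the page mode, directly before the `if obj is not None:` block: `if obj is not None and not self.request.user.has_perm(self.permission_required[0], obj): raise Http404`. Any other caller of `get_object()` in this view also loses the check removed in the first hunk, so it is worth confirming that none of them acts on the order. Both function bodies continue outside the hunks.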