moep/dynamicweb
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Check has_perm only for invoices

Browse source
This commit is contained in:
M.Ravi 2017-12-12 15:43:25 +01:00
commit 24d85d5086
1 changed files with 11 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

22
hosting/views.py
View file

@ -687,17 +687,6 @@ class OrdersHostingDetailView(LoginRequiredMixin,
order_id=order_id order_id=order_id
)) ))
hosting_order_obj = None hosting_order_obj = None
if not self.request.user.has_perm(
self.permission_required[0], hosting_order_obj
):
logger.debug(
"User {user} does not have permission on HostingOrder "
"{order_id}. Raising 404 error now.".format(
user=self.request.user.email,
order_id=order_id if hosting_order_obj else 'None'
)
)
raise Http404
return hosting_order_obj return hosting_order_obj
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
@ -718,6 +707,17 @@ class OrdersHostingDetailView(LoginRequiredMixin,
context['page_header_text'] = _('Confirm Order') context['page_header_text'] = _('Confirm Order')
else: else:
context['page_header_text'] = _('Invoice') context['page_header_text'] = _('Invoice')
if not self.request.user.has_perm(
self.permission_required[0], obj
):
logger.debug(
"User {user} does not have permission on HostingOrder "
"{order_id}. Raising 404 error now.".format(
user=self.request.user.email,
order_id=obj.id if obj else 'None'
)
)
raise Http404
if obj is not None: if obj is not None:
# invoice for previous order # invoice for previous order