Skip to content

GitLab

Commit 65e6eb1d authored by sebastien letort's avatar sebastien letort
Browse files

In JobAuthMixin, we can safely provided a wrong job id.

parent af9b6351
Hide whitespace changes
Inline Side-by-side
django/allgo/main/mixins.py
View file @ 65e6eb1d
......@@ -97,7 +97,11 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
if user is None:
return False
self.raise_exception = True # to return a 403
job = Job.objects.filter(pk=self.kwargs['pk']).first()
try:
job = Job.objects.get(id=self.kwargs['pk'])
except Job.DoesNotExist:
return False
return user.is_superuser or user == getattr(job, "user", ())
def handle_no_permission(self):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment