mirror of https://github.com/CIRCL/AIL-framework
chg: [items] check obj invesigations acl
parent
cb45e06ebc
commit
cbe09c87c4
|
@ -125,6 +125,13 @@ class Investigation(object):
|
|||
ail_orgs.remove_obj_to_org(self.get_org(), 'investigation', self.uuid)
|
||||
self.set_level(new_level, new_org_uuid)
|
||||
|
||||
def check_level(self, user_org):
|
||||
level = self.get_level()
|
||||
if level == 1:
|
||||
return True
|
||||
elif level == 2:
|
||||
return self.get_org() == user_org
|
||||
|
||||
## ORG ##
|
||||
|
||||
def get_creator_org(self):
|
||||
|
|
|
@ -62,6 +62,7 @@ def screenshot(filename):
|
|||
@login_required
|
||||
@login_read_only
|
||||
def showItem(): # # TODO: support post
|
||||
user_org = current_user.get_org()
|
||||
item_id = request.args.get('id')
|
||||
if not item_id or not item_basic.exist_item(item_id):
|
||||
abort(404)
|
||||
|
@ -80,6 +81,9 @@ def showItem(): # # TODO: support post
|
|||
invests = []
|
||||
for investigation_uuid in meta['investigations']:
|
||||
inv = Investigations.Investigation(investigation_uuid)
|
||||
if not inv.check_level(user_org):
|
||||
continue
|
||||
|
||||
invests.append(inv.get_metadata(r_str=True))
|
||||
meta['investigations'] = invests
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue