Skip to content

Commit

Permalink
[quickfix] everyone can see all product types
Browse files Browse the repository at this point in the history
  • Loading branch information
inesmartins-swordhealth committed Jan 9, 2024
1 parent d426b34 commit 52b3106
Showing 1 changed file with 3 additions and 26 deletions.
29 changes: 3 additions & 26 deletions dojo/product_type/queries.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,32 +8,9 @@


def get_authorized_product_types(permission):
user = get_current_user()

if user is None:
return Product_Type.objects.none()

if user.is_superuser:
return Product_Type.objects.all().order_by('name')

if user_has_global_permission(user, permission):
return Product_Type.objects.all().order_by('name')

roles = get_roles_for_permission(permission)
authorized_roles = Product_Type_Member.objects.filter(product_type=OuterRef('pk'),
user=user,
role__in=roles)
authorized_groups = Product_Type_Group.objects.filter(
product_type=OuterRef('pk'),
group__users=user,
role__in=roles)
product_types = Product_Type.objects.annotate(
member=Exists(authorized_roles),
authorized_group=Exists(authorized_groups)).order_by('name')
product_types = product_types.filter(Q(member=True) | Q(authorized_group=True))

return product_types

# TODO: in order to quickly resolve a bug in the product types filter
# everyone can see all product types
return Product_Type.objects.all().order_by('name')

def get_authorized_members_for_product_type(product_type, permission):

Check notice on line 15 in dojo/product_type/queries.py

View workflow job for this annotation

GitHub Actions / flake8-your-pr

dojo/product_type/queries.py#L15

expected 2 blank lines, found 1 (E302)
user = get_current_user()
Expand Down

0 comments on commit 52b3106

Please sign in to comment.