zedfrigg/bookwyrm
1
0
Fork 0
Code Activity

Merge pull request #2258 from bookwyrm-social/form-perms

Browse source 
Check permissions automatically on form save
This commit is contained in:
Mouse Reeve 2022-09-19 13:32:41 -07:00 committed by GitHub
commit fdc477afdf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
41 changed files with 291 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

7
bookwyrm/models/user.py
View file

@ -5,6 +5,7 @@ from urllib.parse import urlparse
from django.apps import apps
from django.contrib.auth.models import AbstractUser, Group
from django.contrib.postgres.fields import ArrayField, CICharField
from django.core.exceptions import PermissionDenied
from django.dispatch import receiver
from django.db import models, transaction
from django.utils import timezone
@ -401,6 +402,12 @@ class User(OrderedCollectionPageMixin, AbstractUser):
editable=False,
).save(broadcast=False)
def raise_not_editable(self, viewer):
"""Who can edit the user object?"""
if self == viewer or viewer.has_perm("bookwyrm.moderate_user"):
return
raise PermissionDenied()
class KeyPair(ActivitypubMixin, BookWyrmModel):
"""public and private keys for a user"""