Refactor permission checks in UpdateQuestionMixin to include author and reviewer group validation

This commit is contained in:
Ross
2025-11-03 11:53:45 +00:00
parent aff8d205ed
commit d93483db26
+7 -2
View File
@@ -4736,12 +4736,17 @@ class UpdateQuestionMixin(RedirectMixin, RevisionMixin, UpdateView):
# Do permission checks here
obj = context["object"]
if (
if self.request.user in obj.get_author_objects():
return context
elif (
self.request.user.groups.filter(name="long_checker").exists()
or self.request.user.is_superuser
):
return context
if self.request.user in obj.get_author_objects():
review_group = f"{obj.get_app_name()}_reviewer"
logger.debug(f"Checking for group membership: {review_group}")
if self.request.user.groups.filter(name=review_group).exists():
return context
raise PermissionDenied() # or Http404