Refactor permission checks in UpdateQuestionMixin to include author and reviewer group validation
This commit is contained in:
+7
-2
@@ -4736,12 +4736,17 @@ class UpdateQuestionMixin(RedirectMixin, RevisionMixin, UpdateView):
|
||||
# Do permission checks here
|
||||
|
||||
obj = context["object"]
|
||||
if (
|
||||
if self.request.user in obj.get_author_objects():
|
||||
return context
|
||||
elif (
|
||||
self.request.user.groups.filter(name="long_checker").exists()
|
||||
or self.request.user.is_superuser
|
||||
):
|
||||
return context
|
||||
if self.request.user in obj.get_author_objects():
|
||||
|
||||
review_group = f"{obj.get_app_name()}_reviewer"
|
||||
logger.debug(f"Checking for group membership: {review_group}")
|
||||
if self.request.user.groups.filter(name=review_group).exists():
|
||||
return context
|
||||
raise PermissionDenied() # or Http404
|
||||
|
||||
|
||||
Reference in New Issue
Block a user