access to backoffice only if user.can_go_in_backoffice (fix #1688)
parent
a33d025556
commit
69a9045b75
|
@ -49,7 +49,7 @@ class BackofficeRootDirectory(AccessControlled, Directory):
|
|||
raise errors.AccessUnauthorizedError(
|
||||
public_msg = _('Access to backoffice is restricted to authorized persons only. '\
|
||||
'Please login.'))
|
||||
if user and user.anonymous:
|
||||
if user and not user.can_go_in_backoffice():
|
||||
raise errors.AccessForbiddenError()
|
||||
|
||||
get_response().filter['in_backoffice'] = True
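Review bot: The guard `if user and not user.can_go_in_backoffice():` is skipped whenever `user` is falsy, so refusing a missing user depends entirely on the earlier `AccessUnauthorizedError` branch, whose condition lies outside this hunk. If that branch already rejects every falsy `user`, the `user and` part is redundant and `if not user.can_go_in_backoffice():` states the rule directly. If it does not, execution reaches `get_response().filter['in_backoffice'] = True` with no authorization decision made. If some configuration deliberately lets a falsy `user` through, a comment above the check should say so, for example `# no user object here means <reason>; everyone else must pass can_go_in_backoffice()`.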
|
||||
|
|
|
@ -106,6 +106,8 @@ class User(StorableObject):
|
|||
def can_go_in_backoffice(self):
|
||||
if self.is_admin:
|
||||
return True
|
||||
if self.anonymous:
|
||||
return False
|
||||
from roles import Role
|
||||
for role_id in self.roles or []:
|
||||
try:
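Review bot: In `can_go_in_backoffice`, the `if self.anonymous: return False` check comes after `if self.is_admin: return True`, so a user object that is both anonymous and flagged `is_admin` would still be admitted. Whether such an object can exist is not visible on this page, but testing `self.anonymous` first makes the refusal unconditional at no cost. Since the access check now relies on this method, it also deserves a docstring, for example `"""Return True if this user may enter the backoffice; anonymous users are always refused."""`. The role loop continues past the end of the hunk, so any wording about roles should be checked against the rest of the body.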
|
||||
|
|