fixed access logic for forms with read access set to 'roles'
This commit is contained in:
parent
6b2e9093f3
commit
8da45e16e6
|
@ -159,7 +159,10 @@ class FormData(StorableObject):
|
|||
return True
|
||||
elif self.formdef.acl_read == 'roles':
|
||||
user_roles = Set(user.roles)
|
||||
if user_roles.intersection(self.formdef.roles or []):
|
||||
form_roles = (self.formdef.roles or [])
|
||||
if self.formdef.receiver:
|
||||
form_roles.append(self.formdef.receiver.id)
|
||||
if user_roles.intersection(form_roles):
|
||||
return True
|
||||
elif self.formdef.acl_read == 'owner':
|
||||
if self.user_id == user.id:
|
||||
|
|
Loading…
Reference in New Issue