contacts: limit search view to appropriate users (#10469)
parent
ec45247f64
commit
f87a3e4638
|
@ -22,6 +22,7 @@ import time
|
|||
from django import template
|
||||
from django.conf import settings
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.http import HttpResponse
|
||||
from django.template import RequestContext
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
@ -67,6 +68,14 @@ zone = csrf_exempt(ContactsZone.as_view())
|
|||
|
||||
|
||||
def search_json(request):
|
||||
user_groups = set([x.name for x in request.user.groups.all()])
|
||||
for channel in settings.CHANNEL_ROLES:
|
||||
channel_groups = set(settings.CHANNEL_ROLES[channel])
|
||||
if user_groups.intersection(channel_groups):
|
||||
break
|
||||
else:
|
||||
raise PermissionDenied()
|
||||
|
||||
query = request.GET.get('q')
|
||||
if query:
|
||||
result = get_wcs_data('api/users/', {'q': query, 'limit': 10})
|
||||
|
|
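Review bot: The group check at the top of `search_json` relies on a `for … else` to fail closed, which is easy to misread and to break in a later edit, and it has no comment saying who is meant to reach the wcs user search. I would state the rule directly, e.g. `if not any(user_groups & set(roles) for roles in settings.CHANNEL_ROLES.values()): raise PermissionDenied()` (assuming `CHANNEL_ROLES` is a dict of group-name lists, as the indexing suggests), preceded by a comment such as `# only members of a channel role may query the user directory`. As written, membership of any channel's role grants access, and an empty `CHANNEL_ROLES` denies every user; please confirm both are intended. If other views in this module also return `api/users/` data they probably need the same gate, so a shared helper or decorator would keep them aligned. The body of `search_json` continues past the end of the hunk.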