lgcosta/paperless-ngx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add permission filtering in files & folders query logic

Browse Source
This commit is contained in:
Martin Tan 2023-09-03 20:08:46 +08:00
parent 9c66c41436
commit a58c96a51e
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/documents/views.py
View File

@ -1010,7 +1010,11 @@ class FilesAndFoldersViewSet(ReadOnlyModelViewSet):
folders = list(StoragePath.objects.exclude(path__contains='/')) folders = list(StoragePath.objects.exclude(path__contains='/'))
files = list(Document.objects.all().filter(storage_path=None).order_by(ordering)) files = list(Document.objects.all().filter(storage_path=None).order_by(ordering))
combined = folders + files # Filter objects by object-level permissions
visible_folders = [f for f in folders if request.user.has_perm(f'view_{StoragePath._meta.model_name}', f)]
visible_files = [f for f in files if request.user.has_perm(f'view_{Document._meta.model_name}', f)]
combined = visible_folders + visible_files
start = (page - 1) * page_size start = (page - 1) * page_size
end = page * page_size end = page * page_size