Commit 33e4cd6c authored by Skia's avatar Skia
Browse files

Merge branch 'bugfix' into 'master'

Better protection for stats

See merge request !58
parents a078bae2 8787e5e7
Pipeline #837 failed with stage
in 3 minutes and 30 seconds
......@@ -265,7 +265,13 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *arg, **kwargs):
profile = self.get_object()
if (profile != request.user and not request.user.is_root):
if not hasattr(profile, "customer"):
raise Http404
if not (profile == request.user
or request.user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID)
or request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
or request.user.is_root):
raise PermissionDenied
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment