imacat/mia-accounting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 41 Wiki Activity

Changed the can_edit permission to at least require the user to log in first.

Browse Source
This commit is contained in:
依瑪貓 2023-02-07 14:13:37 +08:00 committed by 依瑪貓
parent 31dc8fab04
commit 9e85c14431
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/accounting/utils/permission.py
View File

@ -23,6 +23,8 @@ import typing as t
from flask import Flask, abort from flask import Flask, abort
from accounting.utils.user import get_current_user
def has_permission(rule: t.Callable[[], bool]) -> t.Callable: def has_permission(rule: t.Callable[[], bool]) -> t.Callable:
"""The permission decorator to check whether the current user is allowed. """The permission decorator to check whether the current user is allowed.
@ -75,9 +77,13 @@ def can_view() -> bool:
def can_edit() -> bool: def can_edit() -> bool:
"""Returns whether the current user can edit the account data. """Returns whether the current user can edit the account data.
The user has to log in.
:return: True if the current user can edit the accounting data, or False :return: True if the current user can edit the accounting data, or False
otherwise. otherwise.
""" """
if get_current_user() is None:
return False
return __can_edit_func() return __can_edit_func()