Fix dashboard domain query for non-admin users

2024-11-08 22:50:26 +00:00 · 2017-09-15 15:14:04 +02:00 · 2017-09-15 15:14:04 +02:00 · 5d09daf8eb
commit 5d09daf8eb
parent a48417ac23
2 changed files with 11 additions and 6 deletions
--- a/app/models.py
+++ b/app/models.py
@ -303,16 +303,18 @@ class User(db.Model):
            db.session.rollback()
            return False

+    def get_domain_query(self):
+        return db.session.query(User, DomainUser, Domain) \
+            .filter(User.id == self.id) \
+            .filter(User.id == DomainUser.user_id) \
+            .filter(Domain.id == DomainUser.domain_id)
+
    def get_domain(self):
        """
        Get domains which user has permission to
        access
        """
-        user_domains = []
-        query = db.session.query(User, DomainUser, Domain).filter(User.id==self.id).filter(User.id==DomainUser.user_id).filter(Domain.id==DomainUser.domain_id).all()
-        for q in query:
-            user_domains.append(q[2])
-        return user_domains
+        return [q[2] for q in self.get_domain_query()]

    def delete(self):
        """
--- a/app/views.py
+++ b/app/views.py
@ -292,7 +292,7 @@ def dashboard_domains():
    if current_user.role.name == 'Administrator':
        domains = Domain.query
    else:
-        domains = User(id=current_user.id).get_domain()
+        domains = User(id=current_user.id).get_domain_query()

    template = app.jinja_env.get_template("dashboard_domain.html")
    render = template.make_module(vars={"current_user": current_user})
@ -328,6 +328,9 @@ def dashboard_domains():
    length = min(int(request.args.get("length", 0)), 100)
    domains = domains[start:start + length]

+    if current_user.role.name != 'Administrator':
+        domains = [d[2] for d in domains]
+
    data = []
    for domain in domains:
        data.append([