mo8it/AdvLabDB
1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-11-08 21:21:06 +00:00
Code Releases Activity

Handle unauthorized action

Browse source
This commit is contained in:
Mo 2022-09-21 16:52:15 +02:00
parent cf8279616e
commit 950823585e
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
advlabdb/custom_classes.py
View file

@ -289,7 +289,8 @@ class SecureAssistantModelView(CustomModelView):
if model not in self.get_query(): if model not in self.get_query():
reportBadAttempt("An assistant tried to change a model not in his filter!") reportBadAttempt("An assistant tried to change a model not in his filter!")
raise ModelViewException("Unauthorized action!") self.handle_view_exception(ModelViewException("Unauthorized action!"))
return redirect(self.url)
def on_model_delete(self, model): def on_model_delete(self, model):
reportBadAttempt("An assistant tried to delete a model!") reportBadAttempt("An assistant tried to delete a model!")
@ -308,7 +309,8 @@ class SecureAssistantModelView(CustomModelView):
if model not in self.get_query(): if model not in self.get_query():
reportBadAttempt("An assistant tried to edit a model not in his filter!") reportBadAttempt("An assistant tried to edit a model not in his filter!")
raise ModelViewException("Unauthorized action!") self.handle_view_exception(ModelViewException("Unauthorized action!"))
return redirect(self.url)
return super().edit_view() return super().edit_view()
@ -325,7 +327,8 @@ class SecureAssistantModelView(CustomModelView):
if model not in self.get_query(): if model not in self.get_query():
reportBadAttempt("An assistant tried to see details of a model not in his filter!") reportBadAttempt("An assistant tried to see details of a model not in his filter!")
raise ModelViewException("Unauthorized action!") self.handle_view_exception(ModelViewException("Unauthorized action!"))
return redirect(self.url)
return super().details_view() return super().details_view()