zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-05 01:11:55 +02:00
Code Issues Projects Releases Packages Wiki Activity

changed the order of the permissions checking as the manage domain check was firing before editable check and allowing access

Browse source
This commit is contained in:
David Kennedy 2023-11-27 18:02:43 -05:00
parent 315638c020
commit abe35b9d63
No known key found for this signature in database
GPG key ID: 6528A5386E66B96B
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/registrar/views/utility/mixins.py
View file

@ -46,6 +46,10 @@ class DomainPermission(PermissionsLoginMixin):
if pk is None:
raise ValueError("Primary key is None")
# test if domain in editable state
if not self.in_editable_state(pk):
return False
if self.can_access_other_user_domains(pk):
return True
@ -53,10 +57,6 @@ class DomainPermission(PermissionsLoginMixin):
if not UserDomainRole.objects.filter(user=self.request.user, domain__id=pk).exists():
return False
# test if domain in editable state
if not self.in_editable_state(pk):
return False
# if we need to check more about the nature of role, do it here.
return True