IA-3713: fix perm validation for user w/o org unit
quang-le committed Nov 25, 2024
1 parent 4c2074d commit de03dc9
Showing 1 changed file with 12 additions and 11 deletions.
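--- a/iaso/api/profiles/profiles.py
+++ b/iaso/api/profiles/profiles.py
@@ -665,17 +665,18 @@ def validate_org_units(self, request, profile) -> QuerySet[OrgUnit]:
 if request.user.has_perm(permission.USERS_MANAGED):
 profile_org_units = request.user.iaso_profile.org_units.all()
 managed_org_units = OrgUnit.objects.hierarchy(profile_org_units).values_list("id", flat=True)
-for org_unit_id in org_unit_ids:
-if (
-org_unit_id not in managed_org_units
-and org_unit_id not in existing_org_unit_ids
-and not request.user.is_superuser
-):
-raise PermissionDenied(
-f"User with {permission.USERS_MANAGED} cannot assign an OrgUnit outside of their own health "
-f"pyramid. Trying to assign {org_unit_id}."
-)
-filtered_org_unit_ids.append(org_unit_id)
+if profile_org_units.exists():
+for org_unit_id in org_unit_ids:
+if (
+org_unit_id not in managed_org_units
+and org_unit_id not in existing_org_unit_ids
+and not request.user.is_superuser
+):
+raise PermissionDenied(
+f"User with {permission.USERS_MANAGED} cannot assign an OrgUnit outside of their own health "
+f"pyramid. Trying to assign {org_unit_id}."
+)
+filtered_org_unit_ids.append(org_unit_id)
 
 valid_ids = filtered_org_unit_ids or org_unit_ids
 org_units = OrgUnit.objects.filter(id__in=valid_ids)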
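Review bot: The new `if profile_org_units.exists():` guard skips the whole pyramid check when the requesting user has no org units on their profile, so a user holding `permission.USERS_MANAGED` in that state never reaches `PermissionDenied`, and `valid_ids = filtered_org_unit_ids or org_unit_ids` then presumably falls back to every requested id. If an empty org-unit set is meant to signify unrestricted access, state that rule on the guard, e.g. `# No org units on the requester's profile means no pyramid restriction; skip the check.`, and pin both branches with a test (managed user with and without org units). If that is not the intended rule, the branch is fail-open and should deny instead of skip. The page has lost indentation and validate_org_units starts and ends outside the hunk, so the initialisation of `filtered_org_unit_ids` and the exact nesting of the `append` are inferred rather than visible.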
