BotForge/quickbot
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix permission checks for command forms
All checks were successful
Build Docs / changes (push) Successful in 5s
Details
Build Docs / build-docs (push) Has been skipped
Details
Build Docs / deploy-docs (push) Has been skipped
Details

Browse Source
This commit is contained in:
Alexander Kalinovsky
2025-03-21 18:46:22 +07:00
parent 66a6de8b20
commit 732c86b6fb
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/qbot/bot/handlers/editors/main_callbacks.py
View File

@@ -260,14 +260,19 @@ async def process_field_edit_callback(message: Message | CallbackQuery, **kwargs
# What if user has several roles and each role has its own ownership field? Should we allow creation even # What if user has several roles and each role has its own ownership field? Should we allow creation even
# if user has no CREATE_ALL permission # if user has no CREATE_ALL permission
user_permissions = get_user_permissions(user, entity_descriptor)
for role in user.roles: if callback_data.context in [
if ( CommandContext.ENTITY_CREATE,
role in entity_descriptor.ownership_fields CommandContext.ENTITY_EDIT,
and EntityPermission.CREATE_ALL not in user_permissions ]:
): user_permissions = get_user_permissions(user, entity_descriptor)
entity_data[entity_descriptor.ownership_fields[role]] = user.id
for role in user.roles:
if (
role in entity_descriptor.ownership_fields
and EntityPermission.CREATE_ALL not in user_permissions
):
entity_data[entity_descriptor.ownership_fields[role]] = user.id
deser_entity_data = { deser_entity_data = {
key: await deserialize( key: await deserialize(