smokephil/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-12-09 00:05:21 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix: correctly respect superuser for document history (#6661)

Browse source
This commit is contained in:
shamoon 2024-05-09 12:27:59 -07:00 committed by GitHub
parent 22c8d8ef2a
commit 5fec764018
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/documents/views.py
View file

@ -767,7 +767,9 @@ class DocumentViewSet(
try:
doc = Document.objects.get(pk=pk)
if not request.user.has_perm("auditlog.view_logentry") or (
doc.owner is not None and doc.owner != request.user
doc.owner is not None
and doc.owner != request.user
and not request.user.is_superuser
):
return HttpResponseForbidden(
"Insufficient permissions",