1. Kai Diefenbach
  2. django_workflows
  3. Issues
Issue #2 resolved

get_allowed_transitions is not aware of permissions

Jakub Wiśniowski
created an issue

The get_allowed_transitions function defined in workflows.utils module is simply returning all transitions assigned to state. It doesn't check permissions set on transition.

The same problem exists with workflows.models.State which defines get_allowed_transitions method.

LFC defines its own better version of this function.

Comments (5)

  1. Jakub Wiśniowski reporter
    • changed status to open

    Thanks but there is still one little bug. Just change:

    if permission is None or self.has_permission(user, permission.codename):

    to

    if permission is None or permissions.utils.has_permission(obj, user, permission.codename):

    in line 290 in workflows/utils.py.

  2. Log in to comment