Added logic to check if user is allowed to see requested data #89 #197
@ -52,9 +52,9 @@ class QueryABC(ObjectType):
|
||||
if user == "system" or user.auth_role == AuthRoleEnum.admin:
|
||||
return self._resolve_collection(collection, *args, **kwargs)
|
||||
|
||||
for x in collection:
|
||||
for x in collection.to_list():
|
||||
|
edraft marked this conversation as resolved
Outdated
|
||||
if not self._can_user_see_element(user, x):
|
||||
return List()
|
||||
collection.remove(x)
|
||||
|
||||
return self._resolve_collection(collection, *args, **kwargs)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user
Sobald ein Element in der Collection von einem User nicht gesehen werden darf, wird die ganze Collection verworfen?