prevent disabled users from getting site, slice permissions
diff --git a/xos/core/models/site.py b/xos/core/models/site.py
index 3e8fb82..689dea0 100644
--- a/xos/core/models/site.py
+++ b/xos/core/models/site.py
@@ -2,6 +2,7 @@
from django.db import models
from django.db.models import Q
from django.contrib.contenttypes import generic
+from django.core.exceptions import PermissionDenied
from geoposition.fields import GeopositionField
from core.models import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager
from core.models import Tag
@@ -130,6 +131,8 @@
def __unicode__(self): return u'%s %s %s' % (self.site, self.user, self.role)
def save(self, *args, **kwds):
+ if not self.user.is_active:
+ raise PermissionDenied, "Cannot modify role(s) of a disabled user"
super(SitePrivilege, self).save(*args, **kwds)
def delete(self, *args, **kwds):
diff --git a/xos/core/models/slice.py b/xos/core/models/slice.py
index d2998b0..44a918b 100644
--- a/xos/core/models/slice.py
+++ b/xos/core/models/slice.py
@@ -130,6 +130,11 @@
def __unicode__(self): return u'%s %s %s' % (self.slice, self.user, self.role)
+ def save(self, *args, **kwds):
+ if not self.user.is_active:
+ raise PermissionDenied, "Cannot modify role(s) of a disabled user"
+ super(SlicePrivilege, self).delete(*args, **kwds)
+
def can_update(self, user):
return user.can_update_slice(self.slice)