Merge pull request #2137 from SchrodingersGat/nameless-user-fix

Handle rare case where user instance has no name assigned
2024-08-30 18:33:04 +00:00 · 2021-10-12 14:39:53 +11:00 · 2021-10-12 14:39:53 +11:00 · b9ad6bf9f9
commit b9ad6bf9f9
parent 772d3fa67d 75bfdd615e
3 changed files with 10 additions and 4 deletions
--- a/InvenTree/InvenTree/metadata.py
+++ b/InvenTree/InvenTree/metadata.py
@ -72,7 +72,10 @@ class InvenTreeMetadata(SimpleMetadata):

                # Remove any HTTP methods that the user does not have permission for
                for method, permission in rolemap.items():
-                    if method in actions and not check(user, table, permission):
+
+                    result = check(user, table, permission)
+
+                    if method in actions and not result:
                        del actions[method]

                # Add a 'DELETE' action if we are allowed to delete
--- a/InvenTree/InvenTree/test_api.py
+++ b/InvenTree/InvenTree/test_api.py
@ -296,9 +296,9 @@ class APITests(InvenTreeAPITestCase):

        actions = self.getActions(url)

-        # 'add' permission does not apply here!
-        self.assertEqual(len(actions), 1)
+        self.assertEqual(len(actions), 2)
        self.assertIn('PUT', actions.keys())
+        self.assertIn('GET', actions.keys())

        # Add some other permissions
        self.assignRole('part.change')
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@ -216,7 +216,10 @@ class RuleSet(models.Model):
                    return True

        # Print message instead of throwing an error
-        logger.info(f"User '{user.name}' failed permission check for {table}.{permission}")
+        name = getattr(user, 'name', user.pk)
+
+        logger.info(f"User '{name}' failed permission check for {table}.{permission}")
+
        return False

    @staticmethod