Fix: remove admin.logentry perm, use admin (staff) status (#6380)

2025-07-28 18:24:38 -05:00 · 2024-04-13 17:35:34 -07:00
parent 47b4a602a7
commit f812f2af4d
15 changed files with 81 additions and 47 deletions
--- a/src/documents/permissions.py
+++ b/src/documents/permissions.py
@@ -40,7 +40,7 @@ class PaperlessObjectPermissions(DjangoObjectPermissions):

 class PaperlessAdminPermissions(BasePermission):
    def has_permission(self, request, view):
-        return request.user.has_perm("admin.view_logentry")
+        return request.user.is_staff


 def get_groups_with_only_permission(obj, codename):
--- a/src/documents/tests/test_api_permissions.py
+++ b/src/documents/tests/test_api_permissions.py
@@ -131,6 +131,7 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
    def test_api_sufficient_permissions(self):
        user = User.objects.create_user(username="test")
        user.user_permissions.add(*Permission.objects.all())
+        user.is_staff = True
        self.client.force_authenticate(user)

        Document.objects.create(title="Test")
--- a/src/documents/tests/test_api_uisettings.py
+++ b/src/documents/tests/test_api_uisettings.py
@@ -27,6 +27,7 @@ class TestApiUiSettings(DirectoriesMixin, APITestCase):
            {
                "id": self.test_user.id,
                "username": self.test_user.username,
+                "is_staff": True,
                "is_superuser": True,
                "groups": [],
                "first_name": self.test_user.first_name,
--- a/src/documents/views.py
+++ b/src/documents/views.py
@@ -1270,6 +1270,7 @@ class UiSettingsView(GenericAPIView):
        user_resp = {
            "id": user.id,
            "username": user.username,
+            "is_staff": user.is_staff,
            "is_superuser": user.is_superuser,
            "groups": list(user.groups.values_list("id", flat=True)),
        }