Skip to content

Commit bce2c77

Browse files
gugupygugupy
committed
show only allowed related views
1 parent 84e93bc commit bce2c77

File tree

2 files changed

+8
-4
lines changed

2 files changed

+8
-4
lines changed

flask_appbuilder/baseviews.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -679,6 +679,8 @@ class MyView(ModelView):
679679
"""
680680
_related_views = None
681681
""" internal list with ref to instantiated view classes """
682+
allowed_related_views = None
683+
""" Holds related views where the user has 'can_list' permission. """
682684
list_title = ""
683685
""" List Title, if not configured the default is 'List ' with pretty model name """
684686
show_title = ""
@@ -1032,13 +1034,15 @@ def _get_related_views_widgets(
10321034
Model View widgets
10331035
"""
10341036
widgets = widgets or {}
1037+
self.allowed_related_views = []
10351038
widgets["related_views"] = []
10361039
for view in self._related_views:
10371040
# Skip related views if the current user does not have 'can_list' permission
10381041
if not self.appbuilder.sm.has_access("can_list", view.__class__.__name__):
1039-
self._related_views.remove(view)
10401042
continue
10411043

1044+
self.allowed_related_views.append(view)
1045+
10421046
if orders.get(view.__class__.__name__):
10431047
order_column, order_direction = orders.get(view.__class__.__name__)
10441048
else:

flask_appbuilder/views.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -571,7 +571,7 @@ def show(self, pk):
571571
pk=pk,
572572
title=self.show_title,
573573
widgets=widgets,
574-
related_views=self._related_views,
574+
related_views=self.allowed_related_views,
575575
)
576576

577577
"""
@@ -609,7 +609,7 @@ def edit(self, pk):
609609
self.edit_template,
610610
title=self.edit_title,
611611
widgets=widgets,
612-
related_views=self._related_views,
612+
related_views=self.allowed_related_views,
613613
)
614614

615615
"""
@@ -731,7 +731,7 @@ def list(self, pk=None):
731731
widgets = self._get_related_views_widgets(
732732
item, orders=orders, pages=pages, page_sizes=page_sizes, widgets=widgets
733733
)
734-
related_views = self._related_views
734+
related_views = self.allowed_related_views
735735
else:
736736
related_views = []
737737

0 commit comments

Comments
 (0)