Commit

Disable superusers and staff from seeing private and sensitive data (#…
dimasciput authored Sep 3, 2024
1 parent ef4f98a commit 80c6dc0
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions bims/api_views/search.py
Expand Up @@ -641,10 +641,7 @@ def process_search(self):
is_private_data_access_allowed = False
try:
requester = get_user_model().objects.get(id=requester_id)
is_requester_staff = requester.is_staff or requester.is_superuser
user_groups = requester.groups.values_list('name', flat=True)
if is_requester_staff:
is_private_data_access_allowed = True
if 'SensitiveDataGroup' in user_groups:
is_sensitive_data_access_allowed = True
if 'PrivateDataGroup' in user_groups:
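Review bot: The staff shortcut in process_search (the `is_requester_staff` assignment and the `if is_requester_staff:` branch, which match the 3 deletions reported for this file) only ever set `is_private_data_access_allowed`, while sensitive access in the visible lines was already gated solely on `'SensitiveDataGroup' in user_groups`. The commit title's "private and sensitive data" therefore describes more than these lines change, and the message should say that only the private-data bypass is removed here. With the shortcut gone, both flags depend entirely on membership in groups matched by hard-coded name, and the commit touches only bims/api_views/search.py with no test. Please add a regression test asserting that a requester with is_staff or is_superuser set and no membership in 'PrivateDataGroup' ends with is_private_data_access_allowed still False, and confirm that no other view still grants access on is_staff or is_superuser, since this hunk covers only the search path.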