Closed slemrmartin closed 2 months ago
For related users views we need to show real members thus we need to be able to omit them
I don't follow the problem statement here. If you are looking at a related view, the originating queryset comes from a getattr
to use the related manager. This is why queryset
is already a parameter to visible_users
. This method should take the originating queryset (which shouldn't include the superuser) and filters it further. I'd like to get more specifically what went wrong. Did the originating queryset have the superuser? Did visible_users
somehow add it back in? This is the design, it should work, and I want to know specifically what didn't work before implementing a fix in the actual views.
@AlanCoding the visible_users
did always add superuser/request user by the | .filter()
which is hard to undo later.
The affected use case is in the related PR
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
94.4% Coverage on New Code
0.0% Duplication on New Code
RBAC method
visible_users
always adds superusers and request user.For related users views we need to show real members thus we need to be able to omit them