FIX: Prevent basic users seeing individual asset version history

I prevented them from seeing the change stream, didn't prevent them seeing individual histories. This has to be done as otherwise it leaks financial information. If I can be arsed I'll come back to this and allow basic users to see a filtered version.
2026-01-17 05:22:16 +00:00 · 2020-01-11 21:09:15 +00:00
parent 13205770f1
commit 4ad12ab40a
3 changed files with 7 additions and 7 deletions
--- a/assets/templates/asset_update.html
+++ b/assets/templates/asset_update.html
@@ -44,7 +44,7 @@
  </div>
 </form>

-{% if not edit %}
+{% if not edit and perms.assets.view_asset %}
 <div class="col-sm-12 text-right">
    <div>
        <a href="{% url 'asset_history' object.asset_id %}" title="View Revision History">