From 2f018f8c9dfbe007e4e628836a115ba081a5d1fb Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <yohann.danello@gmail.com>
Date: Sun, 2 Aug 2020 08:57:16 +0200
Subject: [PATCH] Always query distinct objects

---
 apps/member/views.py     | 2 +-
 apps/note/views.py       | 8 ++++++--
 apps/permission/views.py | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/member/views.py b/apps/member/views.py
index d065b2b6..30fbb139 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -131,7 +131,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         """
         We can't display information of a not registered user.
         """
-        return super().get_queryset().filter(profile__registration_valid=True).distinct()
+        return super().get_queryset().filter(profile__registration_valid=True)
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
diff --git a/apps/note/views.py b/apps/note/views.py
index 61b86e92..ef9da668 100644
--- a/apps/note/views.py
+++ b/apps/note/views.py
@@ -33,7 +33,9 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
     extra_context = {"title": _("Transfer money")}
 
     def get_queryset(self, **kwargs):
-        return super().get_queryset(**kwargs).order_by("-created_at").all()[:20]
+        return Transaction.objects.filter(
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
+        ).order_by("-created_at").all()[:20]
 
     def get_context_data(self, **kwargs):
         """
@@ -139,7 +141,9 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
     table_class = HistoryTable
 
     def get_queryset(self, **kwargs):
-        return super().get_queryset(**kwargs).order_by("-created_at")[:20]
+        return Transaction.objects.filter(
+            PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
+        ).order_by("-created_at").all()[:20]
 
     def get_context_data(self, **kwargs):
         """
diff --git a/apps/permission/views.py b/apps/permission/views.py
index 83deddac..9132e5f0 100644
--- a/apps/permission/views.py
+++ b/apps/permission/views.py
@@ -20,7 +20,7 @@ class ProtectQuerysetMixin:
     """
     def get_queryset(self, **kwargs):
         qs = super().get_queryset(**kwargs)
-        return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view"))
+        return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view")).distinct()
 
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
-- 
GitLab