Sicherheitslücke Standards

standards/templates/standards/standards_management.html

@@ -61,8 +61,11 @@
                     {% for s in task.standards %}
                       <!-- VISIBLE GROUPCHECK -->
                       {% setbool False %}
+                      
                       {% for ag in s.visibleby.all %}
+                      
                         {% if request.user|has_group:ag.group.name %}
+
                           {% setbool True %}
                         {% endif %}
                       {% endfor %}

standards/views.py

@@ -274,348 +274,395 @@ def StandardAdd(request, id=False):
 		standard = Standards.objects.get(pk=id, agency=request.user.profile.agency)
 		# SAVE UPDATED STANDARD
 		if request.method == 'POST':
-			normalForm = StandardUpdateStandard(request.POST, instance=standard)
-			editorForm = StandardUpdateStandardEditor(request.POST, instance=standard)
 
-			if editorForm.is_valid() and normalForm.is_valid():
+			
-				standard.last_modified_by = request.user
-				standard.last_modified_on = datetime.now()
-				standard.task = normalForm.cleaned_data['task']
-				standard.area = normalForm.cleaned_data['area']
-				standard.name = normalForm.cleaned_data['name']
-				standard.public = normalForm.cleaned_data['public']
-				standard.content = editorForm.cleaned_data['content']		
-				standard.freefield_content = normalForm.cleaned_data['freefield_content']
-				standard.freefield_title = normalForm.cleaned_data['freefield_title']
-
-				# Clear Users, will set again next step
-				standard.authority.clear()
-				standard.executor.clear()
-				standard.representative.clear()
-
-				# GROUPS
-				standard.authority_group.clear()
-				standard.executor_group.clear()
-				standard.representative_group.clear()
-
-				standard.visibleby.clear()
-				standard.linked_standards.clear()
-				standard.addedfiles.clear()
-				standard.addedquicklinks.clear()
-				standard.addedpasswords.clear()
-				standard.addedcontacts.clear()
-
-				# ADD NEW INFOS
-				# REPRESENTATIV
-				verant = normalForm.cleaned_data['us_verant'].split(",")
-				for v in verant:
-					if(v.isdigit()):
-						standard.authority.add(User.objects.get(pk=v))
-
-				# EXECUTORS
-				ex = normalForm.cleaned_data['us_ex'].split(",")
-				for v in ex:
-					if(v.isdigit()):
-						standard.executor.add(User.objects.get(pk=v))
-
-				# AUTHORITY
-				ver = normalForm.cleaned_data['us_ver'].split(",")
-				for v in ver:
-					if(v.isdigit()):
-						standard.representative.add(User.objects.get(pk=v))
 
 
-				verant_group = normalForm.cleaned_data['group_verant'].split(",")
-				for v in verant_group:
-					if(v.isdigit()):
-						standard.authority_group.add(AgencyGroup.objects.get(pk=v))
 
-				# EXECUTORS
+			# CHECK IF USER HAS RIGHTS TO SEE THIS DIR
-				ex_group = normalForm.cleaned_data['group_ex'].split(",")
+			groupsofstandard = standard
-				for v in ex_group:
-					if(v.isdigit()):
-						standard.executor_group.add(AgencyGroup.objects.get(pk=v))
 
-				# AUTHORITY
+			userisingroup = False
-				ver_group = normalForm.cleaned_data['group_ver'].split(",")
-				for v in ver_group:
-					if(v.isdigit()):
-						standard.representative_group.add(AgencyGroup.objects.get(pk=v))
 
-				# ADD GROUPS
+			if len(groupsofstandard.visibleby.all()) == 0:
-				groups = normalForm.cleaned_data['checked_groups'].split(",")
+				userisingroup = True
+			else:
+				for ag in groupsofstandard.visibleby.all():
+					
+					if ag.group in request.user.groups.all():
+						userisingroup = True
+			
+			if userisingroup:
 				
-				for g in groups:
+				normalForm = StandardUpdateStandard(request.POST, instance=standard)
-					if(g.isdigit()):
+				editorForm = StandardUpdateStandardEditor(request.POST, instance=standard)
-						standard.visibleby.add(AgencyGroup.objects.get(pk=g))
 
-				# ADD STANDARDS
+				if editorForm.is_valid() and normalForm.is_valid():
-				standards = normalForm.cleaned_data['added_standards'].split(",")
+					standard.last_modified_by = request.user
-				for s in standards:
+					standard.last_modified_on = datetime.now()
-					if(s.isdigit()):
+					standard.task = normalForm.cleaned_data['task']
-						standard.linked_standards.add(Standards.objects.get(pk=s))
+					standard.area = normalForm.cleaned_data['area']
+					standard.name = normalForm.cleaned_data['name']
+					standard.public = normalForm.cleaned_data['public']
+					standard.content = editorForm.cleaned_data['content']		
+					standard.freefield_content = normalForm.cleaned_data['freefield_content']
+					standard.freefield_title = normalForm.cleaned_data['freefield_title']
+
+					# Clear Users, will set again next step
+					standard.authority.clear()
+					standard.executor.clear()
+					standard.representative.clear()
+
+					# GROUPS
+					standard.authority_group.clear()
+					standard.executor_group.clear()
+					standard.representative_group.clear()
+
+					standard.visibleby.clear()
+					standard.linked_standards.clear()
+					standard.addedfiles.clear()
+					standard.addedquicklinks.clear()
+					standard.addedpasswords.clear()
+					standard.addedcontacts.clear()
+
+					# ADD NEW INFOS
+					# REPRESENTATIV
+					verant = normalForm.cleaned_data['us_verant'].split(",")
+					for v in verant:
+						if(v.isdigit()):
+							standard.authority.add(User.objects.get(pk=v))
+
+					# EXECUTORS
+					ex = normalForm.cleaned_data['us_ex'].split(",")
+					for v in ex:
+						if(v.isdigit()):
+							standard.executor.add(User.objects.get(pk=v))
+
+					# AUTHORITY
+					ver = normalForm.cleaned_data['us_ver'].split(",")
+					for v in ver:
+						if(v.isdigit()):
+							standard.representative.add(User.objects.get(pk=v))
+
+
+					verant_group = normalForm.cleaned_data['group_verant'].split(",")
+					for v in verant_group:
+						if(v.isdigit()):
+							standard.authority_group.add(AgencyGroup.objects.get(pk=v))
+
+					# EXECUTORS
+					ex_group = normalForm.cleaned_data['group_ex'].split(",")
+					for v in ex_group:
+						if(v.isdigit()):
+							standard.executor_group.add(AgencyGroup.objects.get(pk=v))
+
+					# AUTHORITY
+					ver_group = normalForm.cleaned_data['group_ver'].split(",")
+					for v in ver_group:
+						if(v.isdigit()):
+							standard.representative_group.add(AgencyGroup.objects.get(pk=v))
+
+					# ADD GROUPS
+					groups = normalForm.cleaned_data['checked_groups'].split(",")
+					
+					for g in groups:
+						if(g.isdigit()):
+							standard.visibleby.add(AgencyGroup.objects.get(pk=g))
+
+					# ADD STANDARDS
+					standards = normalForm.cleaned_data['added_standards'].split(",")
+					for s in standards:
+						if(s.isdigit()):
+							standard.linked_standards.add(Standards.objects.get(pk=s))
+					
+					# ADD FILES
+					files = normalForm.cleaned_data['added_files'].split(",")
+					for f in files:
+						if(f.isdigit()):
+							standard.addedfiles.add(DataFile.objects.get(pk=f))
+
+					# ADD QUICKLINKS
+					quicklinks = normalForm.cleaned_data['added_quicklinks'].split(",")
+					for f in quicklinks:
+						if(f.isdigit()):
+							standard.addedquicklinks.add(QuickLinks.objects.get(pk=f))
+
+					# ADD PASSWORDS
+					addedpasswords = normalForm.cleaned_data['added_passwords'].split(",")
+					for f in addedpasswords:
+						if(f.isdigit()):
+							standard.addedpasswords.add(AGPassword.objects.get(pk=f))
+
+					# ADD CONTACTS
+					contacts = normalForm.cleaned_data['added_contacts'].split(",")
+					for f in contacts:
+						if(f.isdigit()):
+							standard.addedcontacts.add(AGContacts.objects.get(pk=f))
+
+					# ADD TO NETWORKS
+					networks = normalForm.cleaned_data['checked_networks'].split(",")
+					'''
+					Alle Agenturverbunde laden, in denen die Agentur drin ist.
+					'''
+					agencynetworks_all = AgencyNetwork.objects.all()
+					agencynetworks = []
+					for a in agencynetworks_all:
+						if request.user.profile.agency in a.adminagencys.all() or request.user.profile.agency in a.members.all() or request.user.profile.agency in a.sharemembers.all():
+							agencynetworks.append(a)
+
+
+					agencynetworks_standard_in = []
+
+					# Agenturverbünde, in denen der Standard drin sein soll
+					for f in networks:
+						if(f.isdigit()):
+							tempnetwork = AgencyNetwork.objects.get(pk=f)
+							#tempnetwork.standards.add(standard)
+							agencynetworks_standard_in.append(tempnetwork)
+
+					#print(agencynetworks_standard_in)
+
+					# Wenn Standard im gewünschten Verbund, dann rein, ansonsten raus
+					for a in agencynetworks:
+						if a in agencynetworks_standard_in and standard not in a.standards.all():
+							a.standards.add(standard)
+						elif a not in agencynetworks_standard_in:
+							a.standards.remove(standard)
+
+
+					'''
+						Info an die Agenturen über einen neuen Standard
+
+					'''
+					agency_send = []
+					for agencynetwork_single in agencynetworks_standard_in:
+						for agn_admin in agencynetwork_single.adminagencys.all():
+							if(agn_admin not in agency_send):
+								agency_send.append(agn_admin)
+								if agn_admin != request.user.profile.agency:
+									users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
+									for u in users_of_other_ag:
+										if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
+											if u.usernotifications.agn_standard_created_mail:
+												notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
+												sendMailNoti(notificationtext, u)
+
+											if u.usernotifications.agn_standard_created_push:
+												newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
+												newnotification.save()
+
+												channel_layer = channels.layers.get_channel_layer()
+												async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
+						for agn_admin in agencynetwork_single.members.all():
+							if(agn_admin not in agency_send):
+								agency_send.append(agn_admin)
+								if agn_admin != request.user.profile.agency:
+									users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
+									for u in users_of_other_ag:
+										if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
+											if u.usernotifications.agn_standard_created_mail:
+												notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
+												sendMailNoti(notificationtext, u)
+
+											if u.usernotifications.agn_standard_created_push:
+												newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
+												newnotification.save()
+
+												channel_layer = channels.layers.get_channel_layer()
+												async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
+						for agn_admin in agencynetwork_single.sharemembers.all():
+							if(agn_admin not in agency_send):
+								agency_send.append(agn_admin)
+								if agn_admin != request.user.profile.agency:
+									users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
+									for u in users_of_other_ag:
+										if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
+											if u.usernotifications.agn_standard_created_mail:
+												notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
+												sendMailNoti(notificationtext, u)
+
+											if u.usernotifications.agn_standard_created_push:
+												newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
+												newnotification.save()
+
+												channel_layer = channels.layers.get_channel_layer()
+												async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
+						# Clear sended Agencys for multiple Networks
+						agency_send = []
+		
+					if request.user.has_perm('users.standardmanager'):
+						messages.success(request, f'Standard {standard.name} aktualisiert!')			
+					else:
+						if standard.public:
+							standard.public = False	
+							messages.warning(request, f'Standard <a href="#">{standard.name}</a> aktualisiert und ist nicht mehr öffentlich, damit Änderungen geprüft werden können.')												
+						else:
+							messages.success(request, f'Standard <a href="#">{standard.name}</a> aktualisiert!')												
+					standard.save()
+					return redirect('/standards')	
+		# SHOW EXISTING STANDARD
+		else:
+
+
+			# CHECK IF USER HAS RIGHTS TO SEE THIS DIR
+			groupsofstandard = standard
+
+			userisingroup = False
+
+			if len(groupsofstandard.visibleby.all()) == 0:
+				userisingroup = True
+			else:
+				for ag in groupsofstandard.visibleby.all():
+					
+					if ag.group in request.user.groups.all():
+						userisingroup = True
+			
+			if userisingroup:
 				
-				# ADD FILES
-				files = normalForm.cleaned_data['added_files'].split(",")
-				for f in files:
-					if(f.isdigit()):
-						standard.addedfiles.add(DataFile.objects.get(pk=f))
 
-				# ADD QUICKLINKS
-				quicklinks = normalForm.cleaned_data['added_quicklinks'].split(",")
-				for f in quicklinks:
-					if(f.isdigit()):
-						standard.addedquicklinks.add(QuickLinks.objects.get(pk=f))
 
-				# ADD PASSWORDS
-				addedpasswords = normalForm.cleaned_data['added_passwords'].split(",")
-				for f in addedpasswords:
-					if(f.isdigit()):
-						standard.addedpasswords.add(AGPassword.objects.get(pk=f))
 
-				# ADD CONTACTS
-				contacts = normalForm.cleaned_data['added_contacts'].split(",")
-				for f in contacts:
-					if(f.isdigit()):
-						standard.addedcontacts.add(AGContacts.objects.get(pk=f))
 
-				# ADD TO NETWORKS
+
-				networks = normalForm.cleaned_data['checked_networks'].split(",")
+				normalForm = StandardUpdateStandard(instance=standard)
-				'''
+				editorForm = StandardUpdateStandardEditor(instance=standard)
-				Alle Agenturverbunde laden, in denen die Agentur drin ist.
+				# GET ALL DATAS FROM STANDARD
-				'''
+				# FILES
+				possibleFilesByVisible = []
+
+				allfiles = DataFile.objects.filter(agency=request.user.profile.agency)
+				# Get all files by view
+				for f in allfiles:		
+					actParent = DataDir.objects.get(pk=f.parent.pk)
+					if actParent.is_root:
+						possibleFilesByVisible.append(f)
+					else:
+						if(checkUserDirRights(request, actParent, request.user.pk)):
+							possibleFilesByVisible.append(f)
+
+				# Remove files which are in standard
+				for f in possibleFilesByVisible:
+					if f in standard.addedfiles.all():
+						possibleFilesByVisible.remove(f)
+
+
+				# STANDARDS
+				possible_standards = []
+				allstandards = Standards.objects.filter(agency=request.user.profile.agency, public=True)
+
+				for s in allstandards:
+					if s not in standard.linked_standards.all():
+						possible_standards.append(s)
+
+
+				# USERS VER AUTH EX
+				possible_verant = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
+				possible_verant_final = []
+				for pv in possible_verant:
+					if pv not in standard.authority.all():
+						possible_verant_final.append(pv)
+
+				possible_ex = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
+				possible_ex_final = []
+				for pv in possible_ex:
+					if pv not in standard.executor.all():
+						possible_ex_final.append(pv)
+
+				possible_ver = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
+				possible_ver_final = []
+				for pv in possible_ver:
+					if pv not in standard.representative.all():
+						possible_ver_final.append(pv)
+
+
+				# GROUPS VER AUTH EX
+				#possible_verant_group_final
+				#possible_ex_group_final
+				#possible_ver_group_final
+				possible_verant_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
+				possible_verant_group_final = []
+				for g in possible_verant_group:
+					if g not in standard.authority_group.all():
+						possible_verant_group_final.append(g)
+
+				possible_ex_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
+				possible_ex_group_final = []
+				for g in possible_ex_group:
+					if g not in standard.executor_group.all():
+						possible_ex_group_final.append(g)
+
+				possible_ver_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
+				possible_ver_group_final = []
+				for g in possible_ver_group:
+					if g not in standard.representative_group.all():
+						possible_ver_group_final.append(g)
+
+
+
+				# QUICKLINKS
+				possible_quicklinks = []
+				quicklinks = QuickLinks.objects.filter(agency=request.user.profile.agency) 
+
+				for q in quicklinks:
+					if q not in standard.addedquicklinks.all():
+						possible_quicklinks.append(q)
+
+				# CONTACTS
+				possible_contacts = []
+				contacts = AGContacts.objects.filter(agency=request.user.profile.agency) 
+
+				for q in contacts:
+					if q not in standard.addedcontacts.all():
+						possible_contacts.append(q)
+
+				# PASSWORDS
+				possible_passwords = []
+				contacts = AGPassword.objects.filter(agency=request.user.profile.agency) 
+
+				for q in contacts:
+					if q not in standard.addedpasswords.all():
+						possible_passwords.append(q)
+
+				# AGENCYNETWORKS
+
 				agencynetworks_all = AgencyNetwork.objects.all()
 				agencynetworks = []
+
 				for a in agencynetworks_all:
 					if request.user.profile.agency in a.adminagencys.all() or request.user.profile.agency in a.members.all() or request.user.profile.agency in a.sharemembers.all():
 						agencynetworks.append(a)
 
+				# GROUPS
+				# Nicht nötig, da alles über agencygroups und direkt im Standard gemacht wird
 
-				agencynetworks_standard_in = []
+				context =  {				
-
+					'normalForm' : normalForm,
-				# Agenturverbünde, in denen der Standard drin sein soll
+					'editorForm' : editorForm,
-				for f in networks:
+					'standard' : standard,
-					if(f.isdigit()):
+					'files' : possibleFilesByVisible,				
-						tempnetwork = AgencyNetwork.objects.get(pk=f)
+					'standard_possible' : possible_standards,
-						#tempnetwork.standards.add(standard)
+					'poss_verant' : possible_verant_final,
-						agencynetworks_standard_in.append(tempnetwork)
+					'poss_ex' : possible_ex_final,
-
+					'poss_ver' : possible_ver_final,
-				#print(agencynetworks_standard_in)
+					'possgroup_verant' : possible_verant_group_final,
-
+					'possgroup_ex' : possible_ex_group_final,
-				# Wenn Standard im gewünschten Verbund, dann rein, ansonsten raus
+					'possgroup_ver' : possible_ver_group_final,
-				for a in agencynetworks:
+					'possible_quicklinks' : possible_quicklinks,
-					if a in agencynetworks_standard_in and standard not in a.standards.all():
+					'possible_passwords' : possible_passwords,
-						a.standards.add(standard)
+					'possible_contacts' : possible_contacts,
-					elif a not in agencynetworks_standard_in:
+					'agencynetworks' : agencynetworks,				
-						a.standards.remove(standard)
+					'agencygroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency),
-
+					'parentid' : list(DataDir.objects.filter(agency=request.user.profile.agency, is_root=True))[0].pk,
-
+					'active_link' : 'standards',				
-				'''
+					'update' : True,
-					Info an die Agenturen über einen neuen Standard
+					'aggroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency)
-
+					}			
-				'''
+				return render(request, 'standards/standards_add.html', context)
-				agency_send = []
+			else:
-				for agencynetwork_single in agencynetworks_standard_in:
+				context = {
-					for agn_admin in agencynetwork_single.adminagencys.all():
+					'active_link':'standards'
-						if(agn_admin not in agency_send):
+				}
-							agency_send.append(agn_admin)
+				return render(request, 'standards/standards_noentrie.html', context)
-							if agn_admin != request.user.profile.agency:
-								users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
-								for u in users_of_other_ag:
-									if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
-										if u.usernotifications.agn_standard_created_mail:
-											notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
-											sendMailNoti(notificationtext, u)
-
-										if u.usernotifications.agn_standard_created_push:
-											newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
-											newnotification.save()
-
-											channel_layer = channels.layers.get_channel_layer()
-											async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
-					for agn_admin in agencynetwork_single.members.all():
-						if(agn_admin not in agency_send):
-							agency_send.append(agn_admin)
-							if agn_admin != request.user.profile.agency:
-								users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
-								for u in users_of_other_ag:
-									if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
-										if u.usernotifications.agn_standard_created_mail:
-											notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
-											sendMailNoti(notificationtext, u)
-
-										if u.usernotifications.agn_standard_created_push:
-											newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
-											newnotification.save()
-
-											channel_layer = channels.layers.get_channel_layer()
-											async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
-					for agn_admin in agencynetwork_single.sharemembers.all():
-						if(agn_admin not in agency_send):
-							agency_send.append(agn_admin)
-							if agn_admin != request.user.profile.agency:
-								users_of_other_ag = User.objects.filter(profile__agency=agn_admin)
-								for u in users_of_other_ag:
-									if u.has_perm('users.standardmanager') and u.has_perm('users.agencynetwork'):
-										if u.usernotifications.agn_standard_created_mail:
-											notificationtext = "im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name
-											sendMailNoti(notificationtext, u)
-
-										if u.usernotifications.agn_standard_created_push:
-											newnotification = UserNotification(touser=u, notificationtext="im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name, notificationtype="")
-											newnotification.save()
-
-											channel_layer = channels.layers.get_channel_layer()
-											async_to_sync(channel_layer.group_send)("user_" + str(u.pk), {'type' : 'pushhandler', 'pushtext' : "pushnotification__Agenturverbund | Im Agenturverbund " + agencynetwork_single.name + " wurde ein neuer Standard geteilt: " + standard.name})
-					# Clear sended Agencys for multiple Networks
-					agency_send = []
-	
-				if request.user.has_perm('users.standardmanager'):
-					messages.success(request, f'Standard {standard.name} aktualisiert!')			
-				else:
-					if standard.public:
-						standard.public = False	
-						messages.warning(request, f'Standard <a href="#">{standard.name}</a> aktualisiert und ist nicht mehr öffentlich, damit Änderungen geprüft werden können.')												
-					else:
-						messages.success(request, f'Standard <a href="#">{standard.name}</a> aktualisiert!')												
-				standard.save()
-				return redirect('/standards')	
-		# SHOW EXISTING STANDARD
-		else:
-			normalForm = StandardUpdateStandard(instance=standard)
-			editorForm = StandardUpdateStandardEditor(instance=standard)
-			# GET ALL DATAS FROM STANDARD
-			# FILES
-			possibleFilesByVisible = []
-
-			allfiles = DataFile.objects.filter(agency=request.user.profile.agency)
-			# Get all files by view
-			for f in allfiles:		
-				actParent = DataDir.objects.get(pk=f.parent.pk)
-				if actParent.is_root:
-					possibleFilesByVisible.append(f)
-				else:
-					if(checkUserDirRights(request, actParent, request.user.pk)):
-						possibleFilesByVisible.append(f)
-
-			# Remove files which are in standard
-			for f in possibleFilesByVisible:
-				if f in standard.addedfiles.all():
-					possibleFilesByVisible.remove(f)
-
-
-			# STANDARDS
-			possible_standards = []
-			allstandards = Standards.objects.filter(agency=request.user.profile.agency, public=True)
-
-			for s in allstandards:
-				if s not in standard.linked_standards.all():
-					possible_standards.append(s)
-
-
-			# USERS VER AUTH EX
-			possible_verant = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
-			possible_verant_final = []
-			for pv in possible_verant:
-				if pv not in standard.authority.all():
-					possible_verant_final.append(pv)
-
-			possible_ex = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
-			possible_ex_final = []
-			for pv in possible_ex:
-				if pv not in standard.executor.all():
-					possible_ex_final.append(pv)
-
-			possible_ver = User.objects.filter(profile__agency__pk=request.user.profile.agency.pk)
-			possible_ver_final = []
-			for pv in possible_ver:
-				if pv not in standard.representative.all():
-					possible_ver_final.append(pv)
-
-
-			# GROUPS VER AUTH EX
-			#possible_verant_group_final
-			#possible_ex_group_final
-			#possible_ver_group_final
-			possible_verant_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
-			possible_verant_group_final = []
-			for g in possible_verant_group:
-				if g not in standard.authority_group.all():
-					possible_verant_group_final.append(g)
-
-			possible_ex_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
-			possible_ex_group_final = []
-			for g in possible_ex_group:
-				if g not in standard.executor_group.all():
-					possible_ex_group_final.append(g)
-
-			possible_ver_group = AgencyGroup.objects.filter(agency=request.user.profile.agency)
-			possible_ver_group_final = []
-			for g in possible_ver_group:
-				if g not in standard.representative_group.all():
-					possible_ver_group_final.append(g)
-
-
-
-			# QUICKLINKS
-			possible_quicklinks = []
-			quicklinks = QuickLinks.objects.filter(agency=request.user.profile.agency) 
-
-			for q in quicklinks:
-				if q not in standard.addedquicklinks.all():
-					possible_quicklinks.append(q)
-
-			# CONTACTS
-			possible_contacts = []
-			contacts = AGContacts.objects.filter(agency=request.user.profile.agency) 
-
-			for q in contacts:
-				if q not in standard.addedcontacts.all():
-					possible_contacts.append(q)
-
-			# PASSWORDS
-			possible_passwords = []
-			contacts = AGPassword.objects.filter(agency=request.user.profile.agency) 
-
-			for q in contacts:
-				if q not in standard.addedpasswords.all():
-					possible_passwords.append(q)
-
-			# AGENCYNETWORKS
-
-			agencynetworks_all = AgencyNetwork.objects.all()
-			agencynetworks = []
-
-			for a in agencynetworks_all:
-				if request.user.profile.agency in a.adminagencys.all() or request.user.profile.agency in a.members.all() or request.user.profile.agency in a.sharemembers.all():
-					agencynetworks.append(a)
-
-			# GROUPS
-			# Nicht nötig, da alles über agencygroups und direkt im Standard gemacht wird
-
-			context =  {				
-				'normalForm' : normalForm,
-				'editorForm' : editorForm,
-				'standard' : standard,
-				'files' : possibleFilesByVisible,				
-				'standard_possible' : possible_standards,
-				'poss_verant' : possible_verant_final,
-				'poss_ex' : possible_ex_final,
-				'poss_ver' : possible_ver_final,
-				'possgroup_verant' : possible_verant_group_final,
-				'possgroup_ex' : possible_ex_group_final,
-				'possgroup_ver' : possible_ver_group_final,
-				'possible_quicklinks' : possible_quicklinks,
-				'possible_passwords' : possible_passwords,
-				'possible_contacts' : possible_contacts,
-				'agencynetworks' : agencynetworks,				
-				'agencygroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency),
-				'parentid' : list(DataDir.objects.filter(agency=request.user.profile.agency, is_root=True))[0].pk,
-				'active_link' : 'standards',				
-				'update' : True,
-				'aggroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency)
-				}			
-		return render(request, 'standards/standards_add.html', context)
 
 
 '''
@@ -713,6 +760,7 @@ def StandardSingle(request, pk):
 		userisingroup = True
 	else:
 		for ag in groupsofstandard.visibleby.all():
+			
 			if ag.group in request.user.groups.all():
 				userisingroup = True