🚑️ dating form: fix permission for "administrator"

author: Étienne Loks <etienne.loks@iggdrasil.net> 2026-01-19 15:53:24 +0100
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2026-01-19 15:53:24 +0100
commit: 2ebd92aca2dd8373895a4620d621a57ea0849c25 (patch)
tree: 102f46367b4c574e14badfb62678af5c93bbc646
parent: 39e3b7363a9e10d8f2506906fb8a5eb56a66b538 (diff)
download: Ishtar-2ebd92aca2dd8373895a4620d621a57ea0849c25.tar.bz2
Ishtar-2ebd92aca2dd8373895a4620d621a57ea0849c25.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/archaeological_context_records/views.py b/archaeological_context_records/views.py
index 1c6cdb701..2684afc9f 100644
--- a/archaeological_context_records/views.py
+++ b/archaeological_context_records/views.py
@@ -201,12 +201,13 @@ def get_dating_form(model, dating_model, url_name):
             item = model.objects.get(pk=pk)
         except model.DoesNotExist:
             raise Http404()
+        # permission not provided
+        if not current_right:
+            raise PermissionDenied()
+        # specificaly check permission for own item, otherwise already checked
         if "_own_" in current_right:
             if not request.user.has_perm(current_right, item):
                 raise PermissionDenied()
-        elif current_right:
-            if not request.user.has_perm(current_right):
-                raise PermissionDenied()
         initial = {}
         if dating_pk:
             try:
author	Étienne Loks <etienne.loks@iggdrasil.net>	2026-01-19 15:53:24 +0100
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2026-01-19 15:53:24 +0100
commit	2ebd92aca2dd8373895a4620d621a57ea0849c25 (patch)
tree	102f46367b4c574e14badfb62678af5c93bbc646
parent	39e3b7363a9e10d8f2506906fb8a5eb56a66b538 (diff)
download	Ishtar-2ebd92aca2dd8373895a4620d621a57ea0849c25.tar.bz2 Ishtar-2ebd92aca2dd8373895a4620d621a57ea0849c25.zip