diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-11-06 17:58:21 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-11-06 17:58:21 +0100 |
| commit | 180f6fe58378e84b97ac3bf1beb36e08d13eeb70 (patch) | |
| tree | 4e7ef7a44e378d57dc1bdc7a8d144bcb6fdc0aa2 | |
| parent | f0169853a78fbe3a8c851be9b420d1aaeb45382f (diff) | |
| download | Ishtar-180f6fe58378e84b97ac3bf1beb36e08d13eeb70.tar.bz2 Ishtar-180f6fe58378e84b97ac3bf1beb36e08d13eeb70.zip | |
Fix basket management
| -rw-r--r-- | archaeological_finds/forms.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py index 1f81cf52f..87aaf76a9 100644 --- a/archaeological_finds/forms.py +++ b/archaeological_finds/forms.py @@ -787,7 +787,7 @@ class FindBasketAddItemForm(forms.Form): def save(self, user): try: basket = models.FindBasket.objects.get( - pk=self.cleaned_data['basket_id'], user=user.ishtaruser) + pk=self.cleaned_data['basket_id'], user=user) item = models.Find.objects.get( pk=self.cleaned_data['item_id']) except models.FindBasket.DoesNotExist or\ @@ -795,9 +795,9 @@ class FindBasketAddItemForm(forms.Form): # something strange... TODO: log it raise PermissionDenied # check rights - if not user.is_superuser and \ - not user.ishtaruser.has_right('change_find') and \ - not (user.ishtaruser.has_right('change_own_find') + if not user.user_ptr.is_superuser and \ + not user.has_right('change_find') and \ + not (user.has_right('change_own_find') and item.is_own(user)): raise PermissionDenied basket.items.add(item) |