Fix QA basket form validation. Basket: fix rights for basket management.

author: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-10 18:46:31 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-24 12:06:09 +0200
commit: 277ebc5db6548c63e2fdeb29863b7f90044013da (patch)
tree: 6287ef95e9e496aff0f3d837f3ac5a0834a53bcc /archaeological_finds/views.py
parent: 4eb42ac52879dbe377dace0f0bf16df33c13aaf9 (diff)
download: Ishtar-277ebc5db6548c63e2fdeb29863b7f90044013da.tar.bz2
Ishtar-277ebc5db6548c63e2fdeb29863b7f90044013da.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index e930c0830..7855b5099 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -336,8 +336,8 @@ class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
         except models.FindBasket.DoesNotExist:
             raise PermissionDenied
         if not user.is_superuser and \
-                not ishtaruser.has_right('change_find') and \
-                not (ishtaruser.has_right('change_own_find')
+                not ishtaruser.has_right('view_find') and \
+                not (ishtaruser.has_right('view_own_find')
                      and find.is_own(user)):
             raise PermissionDenied
         basket.items.remove(find)
author	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-10 18:46:31 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-24 12:06:09 +0200
commit	277ebc5db6548c63e2fdeb29863b7f90044013da (patch)
tree	6287ef95e9e496aff0f3d837f3ac5a0834a53bcc /archaeological_finds/views.py
parent	4eb42ac52879dbe377dace0f0bf16df33c13aaf9 (diff)
download	Ishtar-277ebc5db6548c63e2fdeb29863b7f90044013da.tar.bz2 Ishtar-277ebc5db6548c63e2fdeb29863b7f90044013da.zip