Fix QA basket form validation. Basket: fix rights for basket management.

author: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-10 18:46:31 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-24 12:06:09 +0200
commit: c765048479359088383a01c358fbd2591a6c9da4 (patch)
tree: 6287ef95e9e496aff0f3d837f3ac5a0834a53bcc /archaeological_finds/views.py
parent: 46c96e1772486c6c98e7a371c862208230baa437 (diff)
download: Ishtar-c765048479359088383a01c358fbd2591a6c9da4.tar.bz2
Ishtar-c765048479359088383a01c358fbd2591a6c9da4.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index e930c0830..7855b5099 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -336,8 +336,8 @@ class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
         except models.FindBasket.DoesNotExist:
             raise PermissionDenied
         if not user.is_superuser and \
-                not ishtaruser.has_right('change_find') and \
-                not (ishtaruser.has_right('change_own_find')
+                not ishtaruser.has_right('view_find') and \
+                not (ishtaruser.has_right('view_own_find')
                      and find.is_own(user)):
             raise PermissionDenied
         basket.items.remove(find)
author	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-10 18:46:31 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-24 12:06:09 +0200
commit	c765048479359088383a01c358fbd2591a6c9da4 (patch)
tree	6287ef95e9e496aff0f3d837f3ac5a0834a53bcc /archaeological_finds/views.py
parent	46c96e1772486c6c98e7a371c862208230baa437 (diff)
download	Ishtar-c765048479359088383a01c358fbd2591a6c9da4.tar.bz2 Ishtar-c765048479359088383a01c358fbd2591a6c9da4.zip