| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-30 02:01:46 +0200 | 
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-03-30 02:01:46 +0200 | 
| commit | 01ca9b09720d36e36c7d6686465696715101f127 (patch) | |
| tree | 97db6fdd9fb3e621a49181afe1cf2734b2f85d01 | |
| parent | 98b781ff6bbced511fbe2291f661b524a260e05d (diff) | |
Access control: fix evaluation of availability of actions
| -rw-r--r-- | ishtar_common/menu_base.py | 18 | 
1 files changed, 11 insertions, 7 deletions
diff --git a/ishtar_common/menu_base.py b/ishtar_common/menu_base.py
index 0117b375d..c6d02daa5 100644
--- a/ishtar_common/menu_base.py
+++ b/ishtar_common/menu_base.py
@@ -87,18 +87,22 @@ class MenuItem:
             return False
         if not self.access_controls:
             return True
+        if not hasattr(user, 'ishtaruser'):
+            return False
+        # manage by specific idx - person type
+        if user.ishtaruser.has_right(self.idx, session=session):
+            return True
         prefix = (self.model._meta.app_label + '.') if self.model else ''
         for access_control in self.access_controls:
+            # check by person type
+            if user.ishtaruser.has_right(access_control, session=session):
+                return True
             access_control = prefix + access_control
-            if hasattr(user, 'ishtaruser') and \
-                user.ishtaruser.has_perm(access_control, self.model,
-                                         session=session) or \
+            # check by specific access control
+            if user.ishtaruser.has_perm(access_control, self.model,
+                                        session=session) or \
                access_control in user.get_group_permissions():
                 return True
-        # manage by person type
-        if hasattr(user, 'ishtaruser'):
-            if user.ishtaruser.has_right(self.idx, session=session):
-                return True
         return False
     def is_available(self, user, obj=None, session=None):  | 
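Review bot: The added `if not hasattr(user, 'ishtaruser'): return False` also closes the `access_control in user.get_group_permissions()` path for accounts without an ishtaruser profile. The removed condition still granted that path, because `and` binds tighter than `or`. If failing closed here is intended, say so above the check, e.g. `# fail closed: without an ishtaruser profile no access-controlled entry is available, group permissions included`. The diffstat shows only menu_base.py changed, so a regression test covering a profile-less user, a person-type right and a group permission would pin the new evaluation order. Inside the loop the unprefixed `access_control` now goes to `has_right` and the prefixed one to `has_perm`; `has_right` is not visible here, so it is worth confirming that a person-type right cannot share a name with a permission codename of another app. The enclosing method starts above the hunk, so any earlier checks are not covered by this note.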
