2 files changed, 8 insertions, 5 deletions

diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py
index b77560ac9..cf08e1a19 100644
--- a/archaeological_finds/forms.py
+++ b/archaeological_finds/forms.py
@@ -448,7 +448,7 @@ class QAFindBasketForm(IshtarForm):
         choices=(('create', _(u"Create")),
                  ('update', _(u"Update"))), initial='create')
     label = forms.CharField(label="", max_length=None, required=False)
-    basket = forms.ChoiceField(label=_(u"Basket"), required=True, choices=[])
+    basket = forms.ChoiceField(label=_(u"Basket"), required=False, choices=[])
 
     def __init__(self, *args, **kwargs):
         self.user = None
@@ -468,6 +468,9 @@ class QAFindBasketForm(IshtarForm):
 
     def clean(self):
         if self.cleaned_data['create_or_update'] == 'update':
+            if not self.cleaned_data['basket']:
+                raise forms.ValidationError(
+                    _(u"On update, you have to select a basket."))
             return self.cleaned_data
         label = self.cleaned_data['label'].strip()
         if not label:
@@ -986,8 +989,8 @@ class FindBasketAddItemForm(forms.Form):
             raise PermissionDenied
         # check rights
         if not user.user_ptr.is_superuser and \
-                not user.has_right('change_find') and \
-                not (user.has_right('change_own_find')
+                not user.has_right('view_find') and \
+                not (user.has_right('view_own_find')
                      and item.is_own(user)):
             raise PermissionDenied
         basket.items.add(item)
diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index e930c0830..7855b5099 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -336,8 +336,8 @@ class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
         except models.FindBasket.DoesNotExist:
             raise PermissionDenied
         if not user.is_superuser and \
-                not ishtaruser.has_right('change_find') and \
-                not (ishtaruser.has_right('change_own_find')
+                not ishtaruser.has_right('view_find') and \
+                not (ishtaruser.has_right('view_own_find')
                      and find.is_own(user)):
             raise PermissionDenied
         basket.items.remove(find)