2 files changed, 12 insertions, 8 deletions

diff --git a/archaeological_finds/wizards.py b/archaeological_finds/wizards.py
index 3314759d1..8a7a3a513 100644
--- a/archaeological_finds/wizards.py
+++ b/archaeological_finds/wizards.py
@@ -156,19 +156,24 @@ class TreatmentWizard(Wizard):
         """
         dct = super(TreatmentWizard, self).get_extra_model(dct, form_list)
         if 'resulting_pk' in dct:
-            try:
-                find = models.Find.objects.get(pk=dct.pop('resulting_pk'))
-                if 'own' in self.current_right \
-                        and not find.is_own(dct['history_modifier']):
+            dct['items'] = []
+            pks = dct.pop('resulting_pk').split(u',')
+            for pk in pks:
+                try:
+                    find = models.Find.objects.get(pk=pk)
+                    dct['items'].append(find)
+                except models.Find.DoesNotExist:
                     raise PermissionDenied
-                dct['items'] = [find]
-            except models.Find.DoesNotExist:
-                raise PermissionDenied
         if 'basket' in dct:
             basket = dct.pop('basket')
             if basket.user.pk != dct['history_modifier'].pk:
                 raise PermissionDenied
             dct['items'] = list(basket.items.all())
+
+        for find in dct['items']:
+            if 'own' in self.current_right \
+                    and not find.is_own(dct['history_modifier']):
+                raise PermissionDenied
         return dct
 
 
diff --git a/ishtar_common/forms.py b/ishtar_common/forms.py
index 63551ede2..0c93016b1 100644
--- a/ishtar_common/forms.py
+++ b/ishtar_common/forms.py
@@ -372,7 +372,6 @@ class PkWizardSearch(object):
         ]
 
 
-
 class CustomFormSearch(forms.Form):
     need_user_for_initialization = True