diff options
| -rw-r--r-- | archaeological_context_records/views.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/archaeological_context_records/views.py b/archaeological_context_records/views.py index 1c6cdb701..2684afc9f 100644 --- a/archaeological_context_records/views.py +++ b/archaeological_context_records/views.py @@ -201,12 +201,13 @@ def get_dating_form(model, dating_model, url_name): item = model.objects.get(pk=pk) except model.DoesNotExist: raise Http404() + # permission not provided + if not current_right: + raise PermissionDenied() + # specificaly check permission for own item, otherwise already checked if "_own_" in current_right: if not request.user.has_perm(current_right, item): raise PermissionDenied() - elif current_right: - if not request.user.has_perm(current_right): - raise PermissionDenied() initial = {} if dating_pk: try: |