diff options
Diffstat (limited to 'archaeological_finds/forms.py')
-rw-r--r-- | archaeological_finds/forms.py | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py index 094e6be21..23531aeb0 100644 --- a/archaeological_finds/forms.py +++ b/archaeological_finds/forms.py @@ -2619,11 +2619,12 @@ class FindBasketAddItemForm(forms.Form): basket_id = forms.IntegerField(required=True) item_id = forms.IntegerField(required=True) - def save(self, user): + def save(self, ishtaruser): try: basket = ( models.FindBasket.objects.filter( - Q(user=user) | Q(shared_with=user) | Q(shared_write_with=user) + Q(user=ishtaruser) | Q(shared_with=ishtaruser) | + Q(shared_write_with=ishtaruser) ) .distinct() .get(pk=self.cleaned_data["basket_id"]) @@ -2634,9 +2635,11 @@ class FindBasketAddItemForm(forms.Form): raise PermissionDenied # check rights if ( - not user.user_ptr.is_superuser - and not user.has_right("view_find") - and not (user.has_right("view_own_find") and item.is_own(user)) + not ishtaruser.user_ptr.is_superuser + and not ishtaruser.has_permission("archaeological_finds.view_find") + and not ishtaruser.has_permission( + "archaeological_finds.view_own_find", + obj=item) ): raise PermissionDenied basket.items.add(item) |