1 files changed, 17 insertions, 6 deletions

diff --git a/ishtar/furnitures/backend.py b/ishtar/furnitures/backend.py
index c9b8e2b23..d7d3384a8 100644
--- a/ishtar/furnitures/backend.py
+++ b/ishtar/furnitures/backend.py
@@ -23,6 +23,9 @@ Permission backend to manage "own" objects
 
 from django.conf import settings
 from django.contrib.auth.models import User
+from django.core.exceptions import ObjectDoesNotExist
+
+import models
 
 class ObjectOwnPermBackend(object):
     supports_object_permissions = True
@@ -32,18 +35,26 @@ class ObjectOwnPermBackend(object):
         # managed by the default backend
         return None
 
-    def has_perm(self, user_obj, perm, obj=None):
+    def has_perm(self, user_obj, perm, model=None, obj=None):
         if not user_obj.is_authenticated():
-            user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID)
-
-        if obj is None:
-            # managed by the default backend
+            return False
+        if not model:
+            # let it manage by the default backend
             return False
 
         try:
+            ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
+        except ObjectDoesNotExist:
+            return False
+        try:
             # only manage "own" permissions
             assert perm.split('.')[-1].split('_')[1] == 'own'
         except (IndexError, AssertionError):
             return False
-
+        if obj is None:
+            model_name = perm.split('_')[-1].capitalize()
+            if not hasattr(models, model_name):
+                return False
+            model = getattr(models, model_name)
+            return user_obj.has_perm(perm) and model.has_item_of(ishtar_user)
         return user_obj.has_perm(perm) and obj.is_own(user_obj)