1 files changed, 20 insertions, 14 deletions

diff --git a/ishtar_common/models_imports.py b/ishtar_common/models_imports.py
index 5e29b98ed..ddb23e490 100644
--- a/ishtar_common/models_imports.py
+++ b/ishtar_common/models_imports.py
@@ -1447,25 +1447,28 @@ class BaseImport(models.Model, OwnPerms, SheetItem):
         abstract = True
 
     @classmethod
-    def get_permissions_for_actions(cls, user, session):
+    def get_permissions_for_actions(cls, user):
         if not hasattr(user, "ishtaruser") or not user.ishtaruser:
             return False, False, False, False
-        can_edit_all, can_delete_all, can_edit_own, can_delete_own = False, False, False, False
-        if user.is_superuser:
+        can_edit_all, can_delete_all = False, False
+        can_edit_own, can_delete_own = False, False
+        ishtaruser = user.ishtaruser
+        if ishtaruser.has_permission("ishtaradmin"):
             can_edit_all = True
             can_delete_all = True
-        if user.ishtaruser.has_right("change_import", session=session):
-            can_edit_all = True
-        elif user.ishtaruser.has_right("change_own_import", session=session):
-            can_edit_own = True
-        if user.ishtaruser.has_right("delete_import", session=session):
-            can_delete_all = True
-        elif user.ishtaruser.has_right("delete_own_import", session=session):
-            can_delete_own = True
+        else:
+            if ishtaruser.has_permission("ishtar_common.change_import"):
+                can_edit_all = True
+            elif ishtaruser.has_permission("ishtar_common.change_own_import"):
+                can_edit_own = True
+            if ishtaruser.has_permission("ishtar_common.delete_import"):
+                can_delete_all = True
+            elif ishtaruser.has_permission("ishtar_common.delete_own_import"):
+                can_delete_own = True
         return can_edit_all, can_delete_all, can_edit_own, can_delete_own
 
     @classmethod
-    def query_can_access(cls, user, perm="view_import"):
+    def query_can_access(cls, user, perm="ishtar_common.view_import"):
         """
         Filter the query to check access permissions
         :param user: User instance
@@ -1474,8 +1477,11 @@ class BaseImport(models.Model, OwnPerms, SheetItem):
         q = cls.objects
         if not isinstance(perm, (list, tuple)):
             perm = [perm]
-        if user.is_superuser or (hasattr(user, "ishtaruser") and user.ishtaruser and
-                                 any(user.ishtaruser.has_right(p) for p in perm)):
+        ishtaruser = getattr(user, "ishtaruser", None)
+        if not ishtaruser:
+            return q.filter(pk__isnull=True)
+        if ishtaruser.has_permission("ishtaradmin") or (
+                any(ishtaruser.has_permission(p) for p in perm)):
             return q
         q = q.filter(Q(importer_type__users__pk=user.ishtaruser.pk))
         return q