1 files changed, 40 insertions, 22 deletions

diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py
index 48b83e654..7b10974db 100644
--- a/ishtar_common/views_item.py
+++ b/ishtar_common/views_item.py
@@ -392,8 +392,12 @@ def show_item(model, name, extra_dct=None, model_for_perms=None, callback=None):
             if query_own:
                 q = q.filter(query_own).distinct()
         doc_type = "type" in dct and dct.pop("type")
+        try:
+            url = reverse("show-" + name, args=["0", ""])
+        except NoReverseMatch:
+            url = reverse("show-" + name, args=[0])
         url_name = (
-            "/".join(reverse("show-" + name, args=["0", ""]).split("/")[:-2]) + "/"
+            "/".join(url.split("/")[:-2]) + "/"
         )
         profile = get_current_profile()
         sheet_name = name
@@ -2203,26 +2207,6 @@ def get_item(
         ):
             own = True
 
-        query_own = None
-        if own:
-            # TODO: verify alt_query_own
-            """
-            if alt_query_own:
-                query_own = getattr(model, alt_query_own)(q.all()[0])
-            else:
-                query_own = model.get_query_owns(q.all()[0])
-            print(query_own)  # TODO - get old request to transform them
-            """
-            user_pk = request.user.pk if request else ishtaruser.pk
-            q = UserObjectPermission.objects.filter(
-                user_id=user_pk,
-                permission__codename=f"view_own_{model._meta.model_name}",
-                content_type=ContentType.objects.get_for_model(model)
-            )
-            query_own = Q(
-                pk__in=[int(pk) for pk in q.values_list("object_pk", flat=True)]
-            )
-
         query_parameters = {}
 
         if hasattr(model, "get_query_parameters"):
@@ -2329,8 +2313,8 @@ def get_item(
         request_keys.update(my_extra_request_keys)
 
         # manage search on json fields and excluded fields
+        ishtaruser = request.user.ishtaruser if request else ishtaruser
         if search_form:
-            ishtaruser = request.user.ishtaruser if request else ishtaruser
             available, __, excluded_fields, json_fields = search_form.check_custom_form(
                 ishtaruser
             )
@@ -2493,6 +2477,40 @@ def get_item(
         related_name_fields = [query_parameters[k].related_name for k in query_parameters
                                if query_parameters[k].related_name]
 
+        # manage own filters
+        own_key = None
+        if ishtaruser and ishtaruser.is_ishtaradmin:  # admin only...
+            # force own POV - used by account sheet
+            for key in ("view_own", "change_own", "delete_own"):
+                if key in dct_request_items:
+                    own = True
+                    own_key = key
+                    break
+        query_own = None
+        if own:
+            # TODO: verify alt_query_own
+            """
+            if alt_query_own:
+                query_own = getattr(model, alt_query_own)(q.all()[0])
+            else:
+                query_own = model.get_query_owns(q.all()[0])
+            print(query_own)  # TODO - get old request to transform them
+            """
+            if own_key:
+                user_pk = dct_request_items[own_key]
+                codename = f"{own_key}_{model._meta.model_name}"
+            else:
+                user_pk = request.user.pk if request else ishtaruser.pk
+                codename = f"view_own_{model._meta.model_name}"
+            q = UserObjectPermission.objects.filter(
+                user_id=user_pk,
+                permission__codename=codename,
+                content_type=ContentType.objects.get_for_model(model)
+            )
+            query_own = Q(
+                pk__in=[int(pk) for pk in q.values_list("object_pk", flat=True)]
+            )
+
         items = None
         for sub_dct in split_dict(dct):
             query, exc_query, extras = main_manager(