From 252186d3df11f79b29043a95f1cc20af63310ae1 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Thu, 30 Mar 2017 02:01:46 +0200
Subject: Access control: fix evaluation of availability of actions

---
 ishtar_common/menu_base.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/ishtar_common/menu_base.py b/ishtar_common/menu_base.py
index 0117b375d..c6d02daa5 100644
--- a/ishtar_common/menu_base.py
+++ b/ishtar_common/menu_base.py
@@ -87,18 +87,22 @@ class MenuItem:
             return False
         if not self.access_controls:
             return True
+        if not hasattr(user, 'ishtaruser'):
+            return False
+        # manage by specific idx - person type
+        if user.ishtaruser.has_right(self.idx, session=session):
+            return True
         prefix = (self.model._meta.app_label + '.') if self.model else ''
         for access_control in self.access_controls:
+            # check by person type
+            if user.ishtaruser.has_right(access_control, session=session):
+                return True
             access_control = prefix + access_control
-            if hasattr(user, 'ishtaruser') and \
-                user.ishtaruser.has_perm(access_control, self.model,
-                                         session=session) or \
+            # check by specific access control
+            if user.ishtaruser.has_perm(access_control, self.model,
+                                        session=session) or \
                access_control in user.get_group_permissions():
                 return True
-        # manage by person type
-        if hasattr(user, 'ishtaruser'):
-            if user.ishtaruser.has_right(self.idx, session=session):
-                return True
         return False
 
     def is_available(self, user, obj=None, session=None):
-- 
cgit v1.2.3