From bd14b56fea4482a15ea56174d88922aafa033cde Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Tue, 29 Dec 2015 19:17:43 +0100
Subject: An administrator can really see everythings!
---
 ishtar_common/views.py | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index a18673b44..1320517ff 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -325,18 +325,24 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
 # check rights
 own = True # more restrictive by default
 allowed = False
- for perm, lbl in model._meta.permissions:
- # if not specific any perm is relevant (read right)
- if specific_perms and perm not in specific_perms:
- continue
- if request.user.has_perm(model._meta.app_label + '.' + perm) \
- or (request.user.is_authenticated()
- and request.user.ishtaruser.has_right(
- perm, session=request.session)):
- allowed = True
- if "_own_" not in perm:
- own = False
- break # max right reach
+ if request.user.is_authenticated() and \
+ request.user.ishtaruser.has_right('administrator',
+ session=request.session):
+ allowed = True
+ own = False
+ else:
+ for perm, lbl in model._meta.permissions:
+ # if not specific any perm is relevant (read right)
+ if specific_perms and perm not in specific_perms:
+ continue
+ if request.user.has_perm(model._meta.app_label + '.' + perm) \
+ or (request.user.is_authenticated()
+ and request.user.ishtaruser.has_right(
+ perm, session=request.session)):
+ allowed = True
+ if "_own_" not in perm:
+ own = False
+ break # max right reach
 if force_own:
 own = True
 EMPTY = ''
--
cgit v1.2.3
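Review bot: The new administrator branch at the top of the rights check sets `allowed = True` and `own = False` without consulting `specific_perms`, so full, non-own access in every view built on get_item now rests solely on `has_right('administrator', session=request.session)`; that deserves a comment such as `# administrators bypass specific_perms and the "_own_" limit; force_own below still applies`. Because the session is passed in, it is worth confirming (has_right is not visible here) that a revoked administrator right is not still honoured from session state. The branch also reads `request.user.ishtaruser` before `request.user.has_perm(...)` is tried, whereas the old code tried has_perm first; if an authenticated account can hold a Django permission without having an ishtaruser record, this path would now raise where it was previously allowed, so a guard or a test for that case would help. The body of get_item starts and ends outside this hunk.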