From f1129919af1864dd6259c265d797e1fed261e796 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Mon, 19 Jan 2026 11:42:00 +0100
Subject: 🚑️ sheet: fix change permission evaluation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ishtar_common/views_item.py | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py
index c5b85a6ee..ac2db5b97 100644
--- a/ishtar_common/views_item.py
+++ b/ishtar_common/views_item.py
@@ -378,6 +378,22 @@ def modify_qa_item(model, frm, callback=None):
 
     return func
 
+def get_default_permissions(dct):
+    cache_key = f"{settings.PROJECT_SLUG}-default-perms"
+    default_permissions = cache.get(cache_key)
+    if default_permissions is None:
+        default_permissions = list(
+            Permission.objects.filter(
+                codename__startswith='view_').values_list("codename", flat=True).all())
+        default_permissions += list(
+            Permission.objects.filter(
+                codename__startswith='change_').values_list("codename", flat=True).all())
+        default_permissions += ["change_own_document", "change_own_findbasket"]
+        cache.set(cache_key, default_permissions, settings.CACHE_TIMEOUT)
+
+    for perm in default_permissions:
+        dct["permission_" + perm] = False
+
 
 def display_item(model, extra_dct=None, show_url=None):
     def func(request, pk, **dct):
@@ -427,9 +443,7 @@ def show_source_item(request, source_id, model, name, base_dct, extra_dct):
     if extra_dct:
         dct.update(extra_dct(request, dct))
 
-    for perm in Permission.objects.filter(
-            codename__startswith='view_').values_list("codename", flat=True).all():
-        dct["permission_" + perm] = False
+    get_default_permissions(dct)
 
     permissions = ["permission_view_document"]
     for p in permissions:
@@ -559,12 +573,8 @@ def show_item(model, name, extra_dct=None, model_for_perms=None, callback=None):
             callback("show_item", request, doc_type, q)
 
         # list current perms
-        for perm in Permission.objects.filter(
-                codename__startswith='view_').values_list("codename", flat=True).all():
-            dct["permission_" + perm] = False
-        for perm in ["document", "findbasket"]:
-            dct[f"permission_change_own_{perm}"] = False
-            dct[f"permission_change_{perm}"] = False
+        get_default_permissions(dct)
+
         if hasattr(request.user, "ishtaruser") and request.user.ishtaruser:
             cache_key = "{}-{}-{}".format(
                 settings.PROJECT_SLUG,
-- 
cgit v1.2.3