From 13f9202121e5470827174079da7fc699a8227295 Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Thu, 9 Jan 2025 12:40:57 +0100
Subject: 🐛 new permissions: fix permission_check for action (refs #6126)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 archaeological_files/views.py | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
(limited to 'archaeological_files/views.py')
diff --git a/archaeological_files/views.py b/archaeological_files/views.py
index 0d3f978b5..5a8ce1975 100644
--- a/archaeological_files/views.py
+++ b/archaeological_files/views.py
@@ -49,6 +49,7 @@ from archaeological_files.wizards import (
 FileEditAdministrativeActWizard,
 )
 from ishtar_common.views import IshtarMixin, LoginRequiredMixin
+from ishtar_common.views_item import get_autocomplete_query
 from archaeological_operations.wizards import OperationWizard
 from archaeological_operations.views import operation_creation_wizard, get_parcel_modify
@@ -62,18 +63,10 @@ RE_YEAR_INDEX = re.compile(r"([1-2][0-9]{3})-([0-9]+)") # eg.: 2014-123
 def autocomplete_file(request):
- ishtaruser = getattr(request.user, "ishtaruser", None)
- if not ishtaruser:
- return HttpResponse(content_type="text/plain")
- if (
- not ishtaruser.has_permission("archaeological_files.view_file")
- and not ishtaruser.has_permission("archaeological_files.view_own_file")
- ):
- return HttpResponse(content_type="text/plain")
- if not request.GET.get("term"):
+ query = get_autocomplete_query(request, "archaeological_files", "file")
+ if query is None:
 return HttpResponse(content_type="text/plain")
 q = request.GET.get("term")
- query = Q()
 for q in q.split(" "):
 extra = (
 Q(internal_reference__icontains=q)
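Review bot: In `autocomplete_file` the explicit `if not request.GET.get("term")` guard is removed, so `q.split(" ")` is only safe if `get_autocomplete_query` also returns `None` when `term` is missing; that helper is not part of this diff, so this cannot be confirmed from here. If `None` only signals a failed permission check, a request without `term` would raise `AttributeError` and answer with a 500. Reading the term once and testing it in the view keeps it safe either way: `term = request.GET.get("term")` followed by `if query is None or not term:`. The returned `query` presumably now carries the own-items restriction for `view_own_file` users, so the per-term filters built in the loop (which continues past the hunk) need to be combined onto it with `&` and never assigned over it.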
@@ -538,14 +531,14 @@ class PreventiveEditView(IshtarMixin, LoginRequiredMixin, MixFormFormsetUpdateVi
 def get_form_kwargs(self):
 kwargs = super(PreventiveEditView, self).get_form_kwargs()
 try:
- file = models.File.objects.get(pk=self.kwargs.get("pk"))
+ file_obj = models.File.objects.get(pk=self.kwargs.get("pk"))
 except models.Document.DoesNotExist:
 raise Http404()
- if not check_permission(self.request, "file/edit-preventive/", file.pk):
+ if not check_permission(self.request, "archaeological_files.change_file", file_obj):
 raise Http404()
 initial = {}
 for k in list(self.form_class.base_fields.keys()):
- value = getattr(file, k)
+ value = getattr(file_obj, k)
 if hasattr(value, "all"):
 value = ",".join([str(v.pk) for v in value.all()])
 if hasattr(value, "pk"):
@@ -553,7 +546,7 @@ class PreventiveEditView(IshtarMixin, LoginRequiredMixin, MixFormFormsetUpdateVi
 initial[k] = value
 kwargs["initial"] = initial
 kwargs["user"] = self.request.user
- self.file = file
+ self.file = file_obj
 return kwargs
 def get_context_data(self, **kwargs):
--
cgit v1.2.3
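Review bot: In `PreventiveEditView.get_form_kwargs` the lookup is on `models.File` but the handler still catches `models.Document.DoesNotExist`, so an unknown `pk` raises an uncaught `File.DoesNotExist` and surfaces as a 500 instead of the intended 404. Because a refused `check_permission` answers 404, the differing status also lets a caller without rights tell existing ids from missing ones. The handler should read `except models.File.DoesNotExist:`. One line of the method falls between the two hunks and is not shown, so this is based on the visible part only.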