From c765048479359088383a01c358fbd2591a6c9da4 Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Wed, 10 Oct 2018 18:46:31 +0200 Subject: Fix QA basket form validation. Basket: fix rights for basket management. --- archaeological_finds/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'archaeological_finds/views.py') diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py index e930c0830..7855b5099 100644 --- a/archaeological_finds/views.py +++ b/archaeological_finds/views.py @@ -336,8 +336,8 @@ class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView): except models.FindBasket.DoesNotExist: raise PermissionDenied if not user.is_superuser and \ - not ishtaruser.has_right('change_find') and \ - not (ishtaruser.has_right('change_own_find') + not ishtaruser.has_right('view_find') and \ + not (ishtaruser.has_right('view_own_find') and find.is_own(user)): raise PermissionDenied basket.items.remove(find) -- cgit v1.2.3