From c93dd3812c53d21ab8517dc7af72e1d4b70a1b04 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Wed, 16 Oct 2024 17:57:13 +0200
Subject: ♻ permissions refactoring: refactor has_permission methods
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 archaeological_finds/views.py | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

(limited to 'archaeological_finds/views.py')

diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index 866349ce2..0b286531c 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -151,14 +151,12 @@ get_administrativeacttreatmentfile = get_item(
 
 
 def autocomplete_treatmentfile(request):
+    ishtaruser = getattr(request.user, "ishtaruser", None)
+    if not ishtaruser:
+        return HttpResponse(content_type="text/plain")
     if (
-        not request.user.has_perm("ishtar_common.view_treatment", models.Treatment)
-        and not request.user.has_perm(
-            "ishtar_common.view_own_treatment", models.Treatment
-        )
-        and not request.user.ishtaruser.has_right(
-            "treatmentfile_search", session=request.session
-        )
+        not ishtaruser.has_permission("archaeological_finds.view_treatment")
+        and not ishtaruser.has_permission("archaeological_finds.view_own_treatment")
     ):
         return HttpResponse(content_type="text/plain")
     if not request.GET.get("term"):
@@ -193,7 +191,7 @@ def show_basefind(request, pk, **dct):
 
 
 def show_find_extra(request, find):
-    if not request.user or not request.user.ishtaruser:
+    if not request.user or not getattr(request.user, "ishtaruser", None):
         return {}
     user = request.user.ishtaruser
     if isinstance(find, dict):
@@ -607,8 +605,8 @@ class FindBasketDeleteItemView(
         basket = self.get_basket(user=ishtaruser, pk=self.kwargs["basket"])
         if (
             not user.is_superuser
-            and not ishtaruser.has_right("view_find")
-            and not (ishtaruser.has_right("view_own_find") and find.is_own(user))
+            and not ishtaruser.has_permission("archaeological_finds.view_find")
+            and not ishtaruser.has_permission("archaeological_finds.view_own_find", find)
         ):
             raise PermissionDenied
         basket.items.remove(find)
-- 
cgit v1.2.3