From f662227d67566d134071d651376484fdd90eae56 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Sun, 4 Dec 2016 01:06:31 +0100
Subject: Treatment: manage treatment with baskets

---
 archaeological_finds/wizards.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'archaeological_finds/wizards.py')

diff --git a/archaeological_finds/wizards.py b/archaeological_finds/wizards.py
index 9c91ac516..962f21e69 100644
--- a/archaeological_finds/wizards.py
+++ b/archaeological_finds/wizards.py
@@ -107,10 +107,13 @@ class TreatmentWizard(Wizard):
                         and not find.is_own(dct['history_modifier']):
                     raise PermissionDenied
                 dct['items'] = [find]
-            except (models.Find.DoesNotExist):
+            except models.Find.DoesNotExist:
                 raise PermissionDenied
         if 'basket' in dct:
-            dct.pop('basket')
+            basket = dct.pop('basket')
+            if basket.user.pk != dct['history_modifier'].pk:
+                raise PermissionDenied
+            dct['items'] = list(basket.items.all())
         return dct
 
 
-- 
cgit v1.2.3