From 810a87e4b7e15d6ffe4b7b04538db264fb755318 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Tue, 9 Oct 2018 19:36:23 +0200
Subject: Fix permission check on IshtarUser instead of User

---
 ishtar_common/models.py | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

(limited to 'ishtar_common/models.py')

diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index a99921740..0eade6891 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -238,9 +238,13 @@ class OwnPerms(object):
         """
         Check if the current object is owned by the user
         """
-        if not hasattr(user, 'ishtaruser'):
+        if isinstance(user, IshtarUser):
+            ishtaruser = user
+        elif hasattr(user, 'ishtaruser'):
+            ishtaruser = user.ishtaruser
+        else:
             return False
-        query = self.get_query_owns(user.ishtaruser)
+        query = self.get_query_owns(ishtaruser)
         if not query:
             return False
         query &= Q(pk=self.pk)
@@ -251,9 +255,13 @@ class OwnPerms(object):
         """
         Check if the user own some items
         """
-        if not hasattr(user, 'ishtaruser'):
+        if isinstance(user, IshtarUser):
+            ishtaruser = user
+        elif hasattr(user, 'ishtaruser'):
+            ishtaruser = user.ishtaruser
+        else:
             return False
-        query = cls.get_query_owns(user.ishtaruser)
+        query = cls.get_query_owns(ishtaruser)
         if not query:
             return False
         return cls.objects.filter(query).count()
@@ -261,6 +269,8 @@ class OwnPerms(object):
     @classmethod
     def _return_get_owns(cls, owns, values, get_short_menu_class,
                          label_key='cached_label'):
+        if not owns:
+            return []
         sorted_values = []
         if hasattr(cls, 'BASKET_MODEL'):
             owns_len = len(owns)
@@ -296,18 +306,22 @@ class OwnPerms(object):
             return returned
         if isinstance(user, User):
             try:
-                user = IshtarUser.objects.get(user_ptr=user)
+                ishtaruser = IshtarUser.objects.get(user_ptr=user)
             except IshtarUser.DoesNotExist:
                 returned = cls.objects.filter(pk__isnull=True)
                 if values:
                     returned = []
                 return returned
+        elif isinstance(user, IshtarUser):
+            ishtaruser = user
+        else:
+            if values:
+                return []
+            return cls.objects.filter(pk__isnull=True)
         items = []
         if hasattr(cls, 'BASKET_MODEL'):
-            items = list(cls.BASKET_MODEL.objects.filter(user=user).all())
-        if not hasattr(user, 'ishtaruser'):
-            return False
-        query = cls.get_query_owns(user.ishtaruser)
+            items = list(cls.BASKET_MODEL.objects.filter(user=ishtaruser).all())
+        query = cls.get_query_owns(ishtaruser)
         if not query and not replace_query:
             returned = cls.objects.filter(pk__isnull=True)
             if values:
-- 
cgit v1.2.3