From a3afdb65a9a780bfccc5830710eebc6a290db38f Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Thu, 18 Oct 2018 11:50:20 +0200
Subject: Fix access to sheet and permission check for owns

---
 ishtar_common/backend.py    | 7 +++----
 ishtar_common/views_item.py | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

(limited to 'ishtar_common')

diff --git a/ishtar_common/backend.py b/ishtar_common/backend.py
index 261e4dc6f..d5e092fa5 100644
--- a/ishtar_common/backend.py
+++ b/ishtar_common/backend.py
@@ -55,10 +55,9 @@ class ObjectPermBackend(ModelBackend):
         if obj is None:
             model_name = perm.split('_')[-1].lower()
             model = None
-            for app in apps.get_apps():
-                for modl in apps.get_models(app):
-                    if modl.__name__.lower() == model_name:
-                        model = modl
+            for modl in apps.get_models():
+                if modl.__name__.lower() == model_name:
+                    model = modl
             if not model:
                 return False
             return not is_ownperm or model.has_item_of(ishtar_user)
diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py
index d068fb554..5cd3eb826 100644
--- a/ishtar_common/views_item.py
+++ b/ishtar_common/views_item.py
@@ -135,7 +135,7 @@ def show_item(model, name, extra_dct=None):
                 return HttpResponse('NOK')
             query_own = model.get_query_owns(request.user.ishtaruser)
             if query_own:
-                q = q.filter(query_own)
+                q = q.filter(query_own).distinct()
         try:
             item = q.get(pk=pk)
         except ObjectDoesNotExist:
-- 
cgit v1.2.3