From 285e1a1f960f3db856d18716c04c225311ff245b Mon Sep 17 00:00:00 2001 From: Stefan Wehrmeyer Date: Tue, 15 Mar 2022 12:57:22 +0100 Subject: [PATCH] Fix email follow perms --- froide_govplan/admin.py | 2 ++ froide_govplan/configuration.py | 13 ++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/froide_govplan/admin.py b/froide_govplan/admin.py index 20e055b..dc52ed2 100644 --- a/froide_govplan/admin.py +++ b/froide_govplan/admin.py @@ -39,6 +39,8 @@ class GovernmentAdmin(admin.ModelAdmin): def has_limited_access(user): + if not user.is_authenticated: + return True return not user.has_perm("froide_govplan.change_governmentplanupdate") diff --git a/froide_govplan/configuration.py b/froide_govplan/configuration.py index 6489193..cfd27be 100644 --- a/froide_govplan/configuration.py +++ b/froide_govplan/configuration.py @@ -6,8 +6,8 @@ from django.utils.translation import gettext_lazy as _ from froide.follow.configuration import FollowConfiguration from froide.helper.notifications import Notification, TemplatedEvent -from .admin import get_allowed_plans -from .models import GovernmentPlanFollower, GovernmentPlanUpdate +from .admin import has_limited_access +from .models import GovernmentPlan, GovernmentPlanFollower, GovernmentPlanUpdate class GovernmentPlanFollowConfiguration(FollowConfiguration): @@ -30,13 +30,12 @@ class GovernmentPlanFollowConfiguration(FollowConfiguration): } def get_content_object_queryset(self, request): - return get_allowed_plans(request) + if has_limited_access(request.user): + return GovernmentPlan.objects.filter(public=True) + return GovernmentPlan.objects.all() def can_follow(self, content_object, user, request=None): - if request: - get_allowed_plans(request) - - return super().can_follow(content_object, user) + return content_object.public or not has_limited_access(user) def get_batch_updates( self, start: datetime, end: datetime