From ef28a3ffca825c561edb2537f489ba5a1f54b7c6 Mon Sep 17 00:00:00 2001 From: Didrik Munther Date: Tue, 15 Aug 2023 13:19:45 +0200 Subject: [PATCH 1/2] Fix permissions for creating new recruitment period --- recruitment/views.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/recruitment/views.py b/recruitment/views.py index 6dfebee27..0e62b26fa 100644 --- a/recruitment/views.py +++ b/recruitment/views.py @@ -807,8 +807,12 @@ def recruitment_period_delete(request, year, pk): def recruitment_period_edit(request, year, pk=None): recruitment_period = RecruitmentPeriod.objects.filter(pk=pk).first() - if not user_can_access_recruitment_period(request.user, recruitment_period): - return HttpResponseForbidden() + if pk != None: + if not user_can_access_recruitment_period(request.user, recruitment_period): + return HttpResponseForbidden() + else: + if not request.user.has_perm('recruitment.add_recruitmentperiod'): + return HttpResponseForbidden() fair = get_object_or_404(Fair, year=year) form = RecruitmentPeriodForm(request.POST or None, instance=recruitment_period) From b8707881a7c5dd32b47beda6ec0f38bb1b9e9a5e Mon Sep 17 00:00:00 2001 From: Didrik Munther Date: Tue, 15 Aug 2023 13:22:08 +0200 Subject: [PATCH 2/2] Format files --- recruitment/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recruitment/views.py b/recruitment/views.py index 0e62b26fa..bd0581bd9 100644 --- a/recruitment/views.py +++ b/recruitment/views.py @@ -811,7 +811,7 @@ def recruitment_period_edit(request, year, pk=None): if not user_can_access_recruitment_period(request.user, recruitment_period): return HttpResponseForbidden() else: - if not request.user.has_perm('recruitment.add_recruitmentperiod'): + if not request.user.has_perm("recruitment.add_recruitmentperiod"): return HttpResponseForbidden() fair = get_object_or_404(Fair, year=year)