diff --git a/aleksis/apps/alsijil/views.py b/aleksis/apps/alsijil/views.py index b74df3175dd1fabc02f2d6e528b3ce8c580400fb..890f250e205a6f4dcf20b1fcd52e4fb55089b1db 100644 --- a/aleksis/apps/alsijil/views.py +++ b/aleksis/apps/alsijil/views.py @@ -856,12 +856,11 @@ def overview_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResp context["personal_notes"] = personal_notes_list context["excuse_types"] = ExcuseType.objects.all() - form = PersonOverviewForm(request, request.POST or None, queryset=PersonalNote.objects.all()) + form = PersonOverviewForm(request, request.POST or None, queryset=allowed_personal_notes) if request.method == "POST": if form.is_valid(): with reversion.create_revision(): reversion.set_user(request.user) - # FIXME CHECK PERMISSION form.execute() person.refresh_from_db() context["action_form"] = form