From b2ec85fb976d53f54739e2be2a3d4e5b6d8f9b9f Mon Sep 17 00:00:00 2001
From: Julian Leucker <leuckerj@gmail.com>
Date: Sun, 16 May 2021 16:17:00 +0200
Subject: [PATCH] Check for permissions

---
 aleksis/apps/alsijil/views.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/aleksis/apps/alsijil/views.py b/aleksis/apps/alsijil/views.py
index b74df3175..890f250e2 100644
--- a/aleksis/apps/alsijil/views.py
+++ b/aleksis/apps/alsijil/views.py
@@ -856,12 +856,11 @@ def overview_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResp
     context["personal_notes"] = personal_notes_list
     context["excuse_types"] = ExcuseType.objects.all()
 
-    form = PersonOverviewForm(request, request.POST or None, queryset=PersonalNote.objects.all())
+    form = PersonOverviewForm(request, request.POST or None, queryset=allowed_personal_notes)
     if request.method == "POST":
         if form.is_valid():
             with reversion.create_revision():
                 reversion.set_user(request.user)
-                # FIXME CHECK PERMISSION
                 form.execute()
             person.refresh_from_db()
     context["action_form"] = form
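Review bot: The authorization for `form.execute()` now rests entirely on `queryset=allowed_personal_notes`, but that variable is built outside this hunk, so it is not visible here whether it is filtered by the permission needed to edit a note or only by the one needed to view it; in the latter case a user with read-only access could still change notes through this action form. Please confirm the filter uses the edit permission, and keep a comment where the FIXME was, e.g. `# Permission check: the form only validates notes in allowed_personal_notes, so execute() cannot act on others`. A regression test that POSTs a note id outside the allowed set and asserts the note is unchanged would pin this behaviour. overview_person starts and ends outside the hunk.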
-- 
GitLab