From b2ec85fb976d53f54739e2be2a3d4e5b6d8f9b9f Mon Sep 17 00:00:00 2001 From: Julian Leucker <leuckerj@gmail.com> Date: Sun, 16 May 2021 16:17:00 +0200 Subject: [PATCH] Check for permissions --- aleksis/apps/alsijil/views.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/aleksis/apps/alsijil/views.py b/aleksis/apps/alsijil/views.py index b74df3175..890f250e2 100644 --- a/aleksis/apps/alsijil/views.py +++ b/aleksis/apps/alsijil/views.py @@ -856,12 +856,11 @@ def overview_person(request: HttpRequest, id_: Optional[int] = None) -> HttpResp context["personal_notes"] = personal_notes_list context["excuse_types"] = ExcuseType.objects.all() - form = PersonOverviewForm(request, request.POST or None, queryset=PersonalNote.objects.all()) + form = PersonOverviewForm(request, request.POST or None, queryset=allowed_personal_notes) if request.method == "POST": if form.is_valid(): with reversion.create_revision(): reversion.set_user(request.user) - # FIXME CHECK PERMISSION form.execute() person.refresh_from_db() context["action_form"] = form -- GitLab