diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d70d15b5b94bcffc8a8fb8cfefdf73e8a4e42664..da73ac0d16ac435ecd4d00fc287e255291cde840 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,7 @@ Unreleased Fixed ~~~~~ +* The permission check for the dashboard edit page failed when the user had no person assigned. * OIDC scope "phone" had no claims. * AlekSIS groups were not synced to Django groups on registration of existing persons * Invitations for existing short name did not work. diff --git a/aleksis/core/views.py b/aleksis/core/views.py index d92b076a7990b5c2e31ed5bbe0d99b32ff875e57..8e7fdf8a1048f1ed704d508d5f22c53b6114ade0 100644 --- a/aleksis/core/views.py +++ b/aleksis/core/views.py @@ -1001,7 +1001,8 @@ class EditDashboardView(PermissionRequiredMixin, View): if ( self.default_dashboard and not request.user.has_perm("core.edit_default_dashboard_rule") - or getattr(person, "is_dummy", False) + or getattr(request.user, "person", True) + and getattr(request.user.person, "is_dummy", False) ): raise PermissionDenied()