From 7522ecf197ef692a198c71fcc3bd59d46a310848 Mon Sep 17 00:00:00 2001
From: Hangzhi Yu <hangzhi@protonmail.com>
Date: Wed, 25 Jan 2023 11:51:09 +0100
Subject: [PATCH] Check if person exists in dashboard edit permission check

---
 CHANGELOG.rst         | 1 +
 aleksis/core/views.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d70d15b5b..da73ac0d1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,7 @@ Unreleased
 Fixed
 ~~~~~
 
+* The permission check for the dashboard edit page failed when the user had no person assigned.
 * OIDC scope "phone" had no claims.
 * AlekSIS groups were not synced to Django groups on registration of existing persons
 * Invitations for existing short name did not work.
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index d92b076a7..8e7fdf8a1 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -1001,7 +1001,8 @@ class EditDashboardView(PermissionRequiredMixin, View):
         if (
             self.default_dashboard
             and not request.user.has_perm("core.edit_default_dashboard_rule")
-            or getattr(person, "is_dummy", False)
+            or getattr(request.user, "person", True)
+            and getattr(request.user.person, "is_dummy", False)
         ):
             raise PermissionDenied()
 
-- 
GitLab