From 623bbd472c41d4d0d631f044a4bd4524d5efc217 Mon Sep 17 00:00:00 2001 From: j Date: Wed, 4 Jan 2023 14:41:39 +0000 Subject: [PATCH] users can see private items if they own it. limit to max_level instead, a80af1 fixup --- pandora/item/models.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pandora/item/models.py b/pandora/item/models.py index 22f35927..2a927120 100644 --- a/pandora/item/models.py +++ b/pandora/item/models.py @@ -233,9 +233,8 @@ class Item(models.Model): def editable(self, user): if user.is_anonymous: return False - level = user.profile.get_level() - allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level] - if self.level > allowed_level: + max_level = len(settings.CONFIG['rightsLevels']) + if self.level > max_level: return False if user.profile.capability('canEditMetadata') or \ user.is_staff or \