From 623bbd472c41d4d0d631f044a4bd4524d5efc217 Mon Sep 17 00:00:00 2001
From: j <j@mailb.org>
Date: Wed, 4 Jan 2023 14:41:39 +0000
Subject: [PATCH] users can see private items if they own it. limit to
 max_level instead, a80af1 fixup

---
 pandora/item/models.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pandora/item/models.py b/pandora/item/models.py
index 22f359274..2a927120f 100644
--- a/pandora/item/models.py
+++ b/pandora/item/models.py
@@ -233,9 +233,8 @@ class Item(models.Model):
     def editable(self, user):
         if user.is_anonymous:
             return False
-        level = user.profile.get_level()
-        allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
-        if self.level > allowed_level:
+        max_level = len(settings.CONFIG['rightsLevels'])
+        if self.level > max_level:
             return False
         if user.profile.capability('canEditMetadata') or \
            user.is_staff or \