users can see private items if they own it. limit to max_level instead, a80af1 fixup

pandora/item/models.py

@@ -233,9 +233,8 @@ class Item(models.Model):
     def editable(self, user):
         if user.is_anonymous:
             return False
-        level = user.profile.get_level()
+        max_level = len(settings.CONFIG['rightsLevels'])
-        allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
+        if self.level > max_level:
-        if self.level > allowed_level:
             return False
         if user.profile.capability('canEditMetadata') or \
            user.is_staff or \