From a80af18400413b7e1cda2b694e6ae4553595013d Mon Sep 17 00:00:00 2001
From: j <j@mailb.org>
Date: Thu, 8 Dec 2022 12:26:17 +0100
Subject: [PATCH] not editable if rightslevel is > allowed level

---
 pandora/item/models.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pandora/item/models.py b/pandora/item/models.py
index e0aebbd44..22f359274 100644
--- a/pandora/item/models.py
+++ b/pandora/item/models.py
@@ -233,6 +233,10 @@ class Item(models.Model):
     def editable(self, user):
         if user.is_anonymous:
             return False
+        level = user.profile.get_level()
+        allowed_level = settings.CONFIG['capabilities']['canSeeItem'][level]
+        if self.level > allowed_level:
+            return False
         if user.profile.capability('canEditMetadata') or \
            user.is_staff or \
            self.user == user or \