diff --git a/openslides/users/access_permissions.py b/openslides/users/access_permissions.py index e5bcf3913..a6c87c118 100644 --- a/openslides/users/access_permissions.py +++ b/openslides/users/access_permissions.py @@ -186,12 +186,15 @@ class PersonalNoteAccessPermissions(BaseAccessPermissions): full_data = container.get_full_data() if isinstance(container, Collection) else [container.get_full_data()] # Parse data. - for full in full_data: - if full['user_id'] == user.id: - data = [full] - break - else: + if user is None: data = [] + else: + for full in full_data: + if full['user_id'] == user.id: + data = [full] + break + else: + data = [] # Reduce result to a single item or None if it was not a collection at # the beginning of the method. diff --git a/tests/unit/users/test_access_permissions.py b/tests/unit/users/test_access_permissions.py index abaf628cf..e6929b2da 100644 --- a/tests/unit/users/test_access_permissions.py +++ b/tests/unit/users/test_access_permissions.py @@ -1,6 +1,9 @@ from unittest import TestCase -from openslides.users.access_permissions import UserAccessPermissions +from openslides.users.access_permissions import ( + PersonalNoteAccessPermissions, + UserAccessPermissions, +) from openslides.utils.collection import CollectionElement @@ -37,3 +40,25 @@ class UserGetProjectorDataTest(TestCase): 'is_present': False, 'is_committee': False, }) + + +class TestPersonalNoteAccessPermissions(TestCase): + def test_get_restricted_data(self): + ap = PersonalNoteAccessPermissions() + rd = ap.get_restricted_data( + CollectionElement.from_values( + 'users/personal_note', + 1, + full_data={'user_id': 1}), + CollectionElement.from_values('users/user', 5, full_data={})) + self.assertEqual(rd, None) + + def test_get_restricted_data_for_anonymous(self): + ap = PersonalNoteAccessPermissions() + rd = ap.get_restricted_data( + CollectionElement.from_values( + 'users/personal_note', + 1, + full_data={'user_id': 1}), + None) + self.assertEqual(rd, None)