Fixted permissions for editing an application

The suppmitter could edit an application after it was finished by manipulating the url
2012-09-13 12:09:17 +02:00 · 2012-09-13 12:09:17 +02:00 · 48a992119a
commit 48a992119a
parent b15d70d13d
1 changed files with 2 additions and 2 deletions
--- a/openslides/application/views.py
+++ b/openslides/application/views.py
@ -182,8 +182,8 @@ def edit(request, application_id=None):
        return redirect(reverse('application_overview'))
    if application_id is not None:
        application = Application.objects.get(id=application_id)
-        if not request.user == application.submitter and not is_manager:
-            messages.error(request, _("You can not edit this motion. You are not the submitter."))
+        if not 'edit' in application.get_allowed_actions(request.user):
+            messages.error(request, _("You can not edit this motion."))
            return redirect(reverse('application_view', args=[application.id]))
        actions = application.get_allowed_actions(user=request.user)
    else: