From 6585c072ae415325c14a24c66f04c0a51a36008b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Norman=20J=C3=A4ckel?= <openslides@normanjaeckel.de>
Date: Tue, 19 Feb 2019 14:04:49 +0100
Subject: [PATCH] Fixed permission check for hidden and internal items.

---
 openslides/agenda/access_permissions.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/openslides/agenda/access_permissions.py b/openslides/agenda/access_permissions.py
index f0dd12eb5..040ca3540 100644
--- a/openslides/agenda/access_permissions.py
+++ b/openslides/agenda/access_permissions.py
@@ -71,11 +71,13 @@ class ItemAccessPermissions(BaseAccessPermissions):
 
                 data = []
                 for full in full_data:
-                    if full["is_hidden"] and can_see_hidden:
-                        # Same filtering for internal and hidden items
-                        data.append(
-                            filtered_data(full, blocked_keys_internal_hidden_case)
-                        )
+                    if full["is_hidden"]:
+                        if can_see_hidden:
+                            # Same filtering for internal and hidden items
+                            data.append(
+                                filtered_data(full, blocked_keys_internal_hidden_case)
+                            )
+                        # If can_see_hidden is false, the user (which is a non manager) can not see anything.
                     elif full["is_internal"]:
                         data.append(
                             filtered_data(full, blocked_keys_internal_hidden_case)