From 555630f934bc30b30397ab20d4b49dcadb2da7f6 Mon Sep 17 00:00:00 2001 From: Marc Vilanova Date: Mon, 5 Dec 2022 12:31:48 -0800 Subject: [PATCH] Improvements to incident edit permissions --- src/dispatch/auth/permissions.py | 7 ++++--- src/dispatch/incident/views.py | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/dispatch/auth/permissions.py b/src/dispatch/auth/permissions.py index a073df54f873..baff697a41a3 100644 --- a/src/dispatch/auth/permissions.py +++ b/src/dispatch/auth/permissions.py @@ -271,8 +271,9 @@ def has_required_permissions( if not current_incident: return False - if current_incident.reporter.individual.email == current_user.email: - return True + if current_incident.reporter: + if current_incident.reporter.individual.email == current_user.email: + return True class IncidentCommanderPermission(BasePermission): @@ -285,7 +286,7 @@ def has_required_permissions( db_session=request.state.db, incident_id=request.path_params["incident_id"] ) if not current_incident: - return + return False if current_incident.commander: if current_incident.commander.individual.email == current_user.email: diff --git a/src/dispatch/incident/views.py b/src/dispatch/incident/views.py index bd1f17e6478b..b54da5cb17a3 100644 --- a/src/dispatch/incident/views.py +++ b/src/dispatch/incident/views.py @@ -10,13 +10,13 @@ from fastapi import APIRouter, BackgroundTasks, Depends, HTTPException, Query, status from sqlalchemy.orm import Session + from dispatch.auth.permissions import ( IncidentEditPermission, IncidentJoinOrSubscribePermission, - PermissionsDependency, IncidentViewPermission, + PermissionsDependency, ) - from dispatch.auth.models import DispatchUser from dispatch.auth.service import get_current_user from dispatch.common.utils.views import create_pydantic_include