diff --git a/akvo/rsr/models/__init__.py b/akvo/rsr/models/__init__.py index 4469222ac6..0d91378de7 100644 --- a/akvo/rsr/models/__init__.py +++ b/akvo/rsr/models/__init__.py @@ -133,7 +133,7 @@ rules.add_perm('rsr.change_keyword', is_rsr_admin) rules.add_perm('rsr.add_partnersite', is_rsr_admin) -rules.add_perm('rsr.change_partnersite', is_rsr_admin) +rules.add_perm('rsr.change_partnersite', is_rsr_admin | is_org_admin) rules.add_perm('rsr.add_partnertype', is_rsr_admin) rules.add_perm('rsr.change_partnertype', is_rsr_admin) diff --git a/akvo/rsr/permissions.py b/akvo/rsr/permissions.py index 512b63e343..04f1403bcc 100644 --- a/akvo/rsr/permissions.py +++ b/akvo/rsr/permissions.py @@ -9,7 +9,7 @@ from django.contrib.auth import get_user_model from django.contrib.auth.models import Group -from .models import Employment, Organisation, Project, PublishingStatus +from .models import Employment, Organisation, PartnerSite, Project, PublishingStatus @rules.predicate @@ -20,6 +20,7 @@ def is_rsr_admin(user): @rules.predicate def is_org_admin(user, obj): + # obj + 1 if not user.is_authenticated(): return False for employment in user.employers.approved(): @@ -36,6 +37,8 @@ def is_org_admin(user, obj): return True elif isinstance(obj, PublishingStatus) and obj in employment.organisation.all_projects().publishingstatuses(): return True + elif isinstance(obj, PartnerSite) and obj in employment.organisation.partnersites(): + return True else: try: if obj.project and obj.project in employment.organisation.all_projects():