From b2d012d1554782f49b5f1ba249459f2a0ff0dbc3 Mon Sep 17 00:00:00 2001
From: Stefan Wehrmeyer <mail@stefanwehrmeyer.com>
Date: Tue, 19 Nov 2024 12:51:44 +0100
Subject: [PATCH] Fix code that assumes AnonymousUser has `is_crew`

---
 froide/document/filters.py | 2 +-
 froide/helper/auth.py      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/froide/document/filters.py b/froide/document/filters.py
index cb903e631..e20d15711 100644
--- a/froide/document/filters.py
+++ b/froide/document/filters.py
@@ -58,7 +58,7 @@ def filter_foirequest(self, qs, name, value):
 
 
 def get_portal_queryset(request):
-    if not request.user.is_crew:
+    if not request.user.is_authenticated or not request.user.is_crew:
         return DocumentPortal.objects.filter(public=True)
     return DocumentPortal.objects.all()
 
diff --git a/froide/helper/auth.py b/froide/helper/auth.py
index 08db16fb0..f02fcac6c 100644
--- a/froide/helper/auth.py
+++ b/froide/helper/auth.py
@@ -227,7 +227,7 @@ def get_user_filter(request, teams=None, fk_path=None):
 
 def require_crew(view_func):
     def decorator(request, *args, **kwargs):
-        if not request.user.is_crew:
+        if not request.user.is_authenticated or not request.user.is_crew:
             raise PermissionDenied
         return view_func(request, *args, **kwargs)