From d93483db262cf0fde55a4a3b9645e2e7ec5a5ee3 Mon Sep 17 00:00:00 2001 From: Ross Date: Mon, 3 Nov 2025 11:53:45 +0000 Subject: [PATCH] Refactor permission checks in UpdateQuestionMixin to include author and reviewer group validation --- generic/views.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/generic/views.py b/generic/views.py index f67bfcf7..8efb4121 100644 --- a/generic/views.py +++ b/generic/views.py @@ -4736,12 +4736,17 @@ class UpdateQuestionMixin(RedirectMixin, RevisionMixin, UpdateView): # Do permission checks here obj = context["object"] - if ( + if self.request.user in obj.get_author_objects(): + return context + elif ( self.request.user.groups.filter(name="long_checker").exists() or self.request.user.is_superuser ): return context - if self.request.user in obj.get_author_objects(): + + review_group = f"{obj.get_app_name()}_reviewer" + logger.debug(f"Checking for group membership: {review_group}") + if self.request.user.groups.filter(name=review_group).exists(): return context raise PermissionDenied() # or Http404