From 7e0435a94858837acaf8e1b64bbf457ad1331823 Mon Sep 17 00:00:00 2001
From: Scot Hacker <shacker@birdhouse.org>
Date: Fri, 16 Mar 2018 00:24:58 -0700
Subject: [PATCH] Get task_list before checking for groups

---
 todo/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/todo/views.py b/todo/views.py
index 65da089..d345cd7 100644
--- a/todo/views.py
+++ b/todo/views.py
@@ -106,9 +106,9 @@ def list_detail(request, list_id=None, list_slug=None, view_completed=False):
 
     else:
         # Show a specific list, ensuring permissions.
+        task_list = get_object_or_404(TaskList, id=list_id)
         if task_list.group not in request.user.groups.all() and not request.user.is_staff:
             raise PermissionDenied
-        task_list = get_object_or_404(TaskList, id=list_id)
         items = Item.objects.filter(task_list=task_list.id)
 
     # Additional filtering