From d1b1fe1433e40c58b6b9bd5771d85006e397c39a Mon Sep 17 00:00:00 2001 From: james1293 Date: Mon, 22 Jul 2019 15:46:32 -0400 Subject: [PATCH] Delete perms: must be staff and in group --- todo/views/del_list.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/todo/views/del_list.py b/todo/views/del_list.py index c4e044f..ee82c7b 100644 --- a/todo/views/del_list.py +++ b/todo/views/del_list.py @@ -17,7 +17,7 @@ def del_list(request, list_id: int, list_slug: str) -> HttpResponse: # Ensure user has permission to delete list. Get the group this list belongs to, # and check whether current user is a member of that group AND a staffer. - if task_list.group not in request.user.groups.all() and not request.user.is_staff: + if not (task_list.group in request.user.groups.all() and request.user.is_staff): raise PermissionDenied if request.method == "POST":