Skip to content

Commit

Permalink
allow read permissions for non-public contributors
Browse files Browse the repository at this point in the history
  • Loading branch information
John Tordoff committed Jul 29, 2024
1 parent fc1d301 commit 7362ce5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion api/base/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,6 @@ def has_object_permission(self, request, view, obj):
resource = obj['self']

if request.method in permissions.SAFE_METHODS:
return resource.is_public or resource.can_view(auth)
return resource.is_public or resource.has_permission(auth.user, 'read') or resource.can_view(auth)
else:
return resource.can_edit(auth)
4 changes: 3 additions & 1 deletion osf/models/preprint.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -893,7 +893,9 @@ def can_edit(self, auth=None, user=None):
raise ValueError('Cannot pass both `auth` and `user`')
user = user or auth.user

return user and self.has_permission(user, WRITE)
return (
user and ((self.has_permission(user, WRITE) and self.has_submitted_preprint) or self.has_permission(user, ADMIN))
)

def get_contributor_order(self):
# Method needed for ContributorMixin
Expand Down

0 comments on commit 7362ce5

Please sign in to comment.