Fix WriteOrPublicForRelationshipInstitutions for nodes

CenterForOpenScience · Sep 6, 2024 · aa7e1e0 · aa7e1e0
1 parent 3d3289c
commit aa7e1e0
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/api/base/permissions.py b/api/base/permissions.py
@@ -8,7 +8,8 @@
 from framework.auth import oauth_scopes
 from framework.auth.cas import CasResponse
 
-from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken
+from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken, Preprint
+from osf.utils import permissions as osf_permissions
 from website.util.sanitize import is_iterable_but_not_string
 from api.base.utils import get_user_auth
 
@@ -172,4 +173,6 @@ def has_object_permission(self, request, view, obj):
         if request.method in permissions.SAFE_METHODS:
             return resource.is_public or resource.can_view(auth)
         else:
-            return resource.can_edit(auth.user)
+            if isinstance(resource, Preprint):
+                return resource.can_edit(auth.user)
+            return resource.has_permission(auth.user, osf_permissions.WRITE)