diff --git a/src/authentic2/manager/journal_views.py b/src/authentic2/manager/journal_views.py
index bada503f5..70e8fce26 100644
--- a/src/authentic2/manager/journal_views.py
+++ b/src/authentic2/manager/journal_views.py
@@ -129,13 +129,10 @@ class BaseJournalView(views.TitleMixin, views.MediaMixin, views.MultipleOUMixin,
return ctx
-class GlobalJournalView(BaseJournalView):
+class GlobalJournalView(views.PermissionMixin, BaseJournalView):
template_name = 'authentic2/manager/journal.html'
-
- def dispatch(self, request, *args, **kwargs):
- if not request.user.is_superuser:
- raise PermissionDenied
- return super().dispatch(request, *args, **kwargs)
+ permissions_global = True
+ permissions = ['custom_user.view_user', 'a2_rbac.view_role']
journal = GlobalJournalView.as_view()
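Review bot: The permission pair `['custom_user.view_user', 'a2_rbac.view_role']` is written out on `GlobalJournalView` and again in `HomepageView.get_context_data` in views.py, so the link visibility and the real access check can drift apart when only one list is edited. Defining it once and referencing it from both places would prevent that, e.g. `JOURNAL_PERMISSIONS = ['custom_user.view_user', 'a2_rbac.view_role']` (suggested name, not in the codebase). Because this replaces a superuser-only gate, the class also deserves a comment stating the intended exposure, such as `# Global journal: readable by holders of both global view_user and view_role (previously superuser-only)`. The journal presumably records events beyond user and role objects, so it is worth confirming that these two permissions are the right bar for all of them. Whether `PermissionMixin` requires all listed permissions or any one of them is not visible in this hunk and should be checked against the homepage's `has_perms` call.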
diff --git a/src/authentic2/manager/templates/authentic2/manager/homepage.html b/src/authentic2/manager/templates/authentic2/manager/homepage.html
index a9448fc58..3f9ea2b12 100644
--- a/src/authentic2/manager/templates/authentic2/manager/homepage.html
+++ b/src/authentic2/manager/templates/authentic2/manager/homepage.html
@@ -6,13 +6,17 @@
{% block appbar %}
{% blocktrans %}Here you can manage objects related to organizational units, users, roles and applications.{% endblocktrans %}
- {% if user.is_superuser %}
+ {% if user.is_superuser or can_view_journal %}
{% endif %}
diff --git a/src/authentic2/manager/views.py b/src/authentic2/manager/views.py
index e1cb61ed5..56466bc4d 100644
--- a/src/authentic2/manager/views.py
+++ b/src/authentic2/manager/views.py
@@ -658,6 +658,9 @@ class HomepageView(TitleMixin, PermissionMixin, MediaMixin, TemplateView):
def get_context_data(self, **kwargs):
kwargs['entries'] = self.get_homepage_entries()
+ kwargs['can_view_journal'] = self.request.user.has_perms(
+ ['custom_user.view_user', 'a2_rbac.view_role']
+ )
return super(HomepageView, self).get_context_data(**kwargs)
diff --git a/tests/test_manager_journal.py b/tests/test_manager_journal.py
index c19ef4c00..38dd053ce 100644
--- a/tests/test_manager_journal.py
+++ b/tests/test_manager_journal.py
@@ -28,14 +28,18 @@ from authentic2.custom_user.models import User
from authentic2.journal import journal
from authentic2.models import Service
-from .utils import login, text_content
+from .utils import login, logout, text_content
-def test_journal_authorization(app, db, admin):
- response = login(app, admin, path='/manage/')
- assert 'Journal' not in response
+def test_journal_authorization(app, db, simple_user, admin):
+ response = login(app, simple_user)
app.get('/manage/journal/', status=403)
+ logout(app)
+ response = login(app, admin, path='/manage/')
+ assert 'Journal' in response
+ app.get('/manage/journal/', status=200)
+
@pytest.fixture(autouse=True)
def events(db, freezer):
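Review bot: `test_journal_authorization` checks a plain user (403) and a superuser (200), but not the case this commit introduces: a non-superuser holding both global permissions, who should get 200 on `/manage/journal/` and see the Journal link on `/manage/`. I would add that case, plus negative cases expecting 403 for a user holding only one of the two permissions and, if the RBAC model allows it, for a user holding them only within a single organizational unit. Without these, a regression that opens the journal too widely or closes it again would pass unnoticed. The first `response = login(app, simple_user)` binding is never read and can be just `login(app, simple_user)`. The fixtures or helpers needed to grant permissions are not visible in this hunk.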