fixed access logic for forms with read access set to 'roles'

2009-04-10 06:08:16 +00:00 · 2009-04-10 06:08:16 +00:00 · 8da45e16e6
parent 6b2e9093f3
commit 8da45e16e6
1 changed files with 4 additions and 1 deletions
--- a/wcs/formdata.py
+++ b/wcs/formdata.py
@ -159,7 +159,10 @@ class FormData(StorableObject):
            return True
        elif self.formdef.acl_read == 'roles':
            user_roles = Set(user.roles)
-            if user_roles.intersection(self.formdef.roles or []):
+            form_roles = (self.formdef.roles or [])
+            if self.formdef.receiver:
+                form_roles.append(self.formdef.receiver.id)
+            if user_roles.intersection(form_roles):
                return True
        elif self.formdef.acl_read == 'owner':
            if self.user_id == user.id: