From 3511d63c63e11b32d6be96c92e854ccbff47ee43 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sun, 16 May 2021 16:41:50 +0200
Subject: [PATCH] Add missing has_person predicates in group roles rules

---
 aleksis/apps/alsijil/rules.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/aleksis/apps/alsijil/rules.py b/aleksis/apps/alsijil/rules.py
index 1a8a06adc..0226e4434 100644
--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -241,7 +241,7 @@ delete_extramark_predicate = view_extramarks_predicate & has_global_perm("alsiji
 add_perm("alsijil.delete_extramark", delete_extramark_predicate)
 
 # View group role list
-view_group_roles_predicate = has_global_perm("alsijil.view_grouprole")
+view_group_roles_predicate = has_person & has_global_perm("alsijil.view_grouprole")
 add_perm("alsijil.view_grouproles", view_group_roles_predicate)
 
 # Add group role
@@ -258,14 +258,14 @@ delete_group_role_predicate = view_group_roles_predicate & has_global_perm(
 )
 add_perm("alsijil.delete_grouprole", delete_group_role_predicate)
 
-view_assigned_group_roles_predicate = (
+view_assigned_group_roles_predicate = has_person & (
     is_group_owner
     | has_global_perm("alsjil.assign_grouprole")
     | has_object_perm("core.assign_grouprole")
 )
 add_perm("alsijil.view_assigned_grouproles", view_assigned_group_roles_predicate)
 
-view_assigned_group_roles_register_object_predicate = (
+view_assigned_group_roles_register_object_predicate = has_person & (
     is_lesson_teacher
     | is_lesson_original_teacher
     | is_lesson_parent_group_owner
@@ -276,20 +276,20 @@ add_perm(
     view_assigned_group_roles_register_object_predicate,
 )
 
-assign_group_role_person_predicate = is_person_group_owner | has_global_perm(
-    "alsjil.assign_grouprole"
+assign_group_role_person_predicate = has_person & (
+    is_person_group_owner | has_global_perm("alsjil.assign_grouprole")
 )
 add_perm("alsijil.assign_grouprole_to_person", assign_group_role_person_predicate)
 
-assign_group_role_for_multiple_predicate = is_owner_of_any_group | has_global_perm(
-    "alsjil.assign_grouprole"
+assign_group_role_for_multiple_predicate = has_person & (
+    is_owner_of_any_group | has_global_perm("alsjil.assign_grouprole")
 )
 add_perm("alsijil.assign_grouprole_for_multiple", assign_group_role_for_multiple_predicate)
 
 assign_group_role_group_predicate = view_assigned_group_roles_predicate
 add_perm("alsijil.assign_grouprole_for_group", assign_group_role_group_predicate)
 
-edit_group_role_assignment_predicate = (
+edit_group_role_assignment_predicate = has_person & (
     has_global_perm("alsjil.assign_grouprole") | is_group_role_assignment_group_owner
 )
 add_perm("alsijil.edit_grouproleassignment", edit_group_role_assignment_predicate)
@@ -297,7 +297,7 @@ add_perm("alsijil.edit_grouproleassignment", edit_group_role_assignment_predicat
 stop_group_role_assignment_predicate = edit_group_role_assignment_predicate
 add_perm("alsijil.stop_grouproleassignment", stop_group_role_assignment_predicate)
 
-delete_group_role_assignment_predicate = (
+delete_group_role_assignment_predicate = has_person & (
     has_global_perm("alsjil.assign_grouprole") | is_group_role_assignment_group_owner
 )
 add_perm("alsijil.delete_grouproleassignment", delete_group_role_assignment_predicate)
-- 
GitLab