From e1b3977715753bcda14fdba4e017bda194a9b2ff Mon Sep 17 00:00:00 2001
From: magicfelix <felix@felix-zauberer.de>
Date: Sat, 6 Mar 2021 11:53:01 +0100
Subject: [PATCH] Check edit_dashboard permission in Edit view

---
 aleksis/core/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index b9d7d502c..2ee83523c 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -865,9 +865,11 @@ class DashboardWidgetDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
     success_message = _("The dashboard widget has been deleted.")
 
 
-class EditDashboardView(View):
+class EditDashboardView(PermissionRequiredMixin, View):
     """View for editing dashboard widget order."""
 
+    permission_required = "core.edit_dashboard"
+
     def get_context_data(self, request, **kwargs):
         context = {}
         self.default_dashboard = kwargs.get("default", False)
-- 
GitLab