From e293efde5e33898473c6d8ce688cd32b54f0c5cf Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sat, 22 Jul 2023 17:10:17 +0200
Subject: [PATCH] Fix permissions

---
 aleksis/core/frontend/routes.js |  2 +-
 aleksis/core/schema/__init__.py | 12 +++++-------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/aleksis/core/frontend/routes.js b/aleksis/core/frontend/routes.js
index e8bc2e6a6..cffb6955b 100644
--- a/aleksis/core/frontend/routes.js
+++ b/aleksis/core/frontend/routes.js
@@ -371,7 +371,7 @@ const routes = [
           inMenu: true,
           titleKey: "holidays.menu_title",
           icon: "$holidays",
-          permission: "core.view_holiday_rule",
+          permission: "core.view_holidays_rule",
         },
       },
       {
diff --git a/aleksis/core/schema/__init__.py b/aleksis/core/schema/__init__.py
index a1c2896ef..9db010c02 100644
--- a/aleksis/core/schema/__init__.py
+++ b/aleksis/core/schema/__init__.py
@@ -145,14 +145,12 @@ class Query(graphene.ObjectType):
     def resolve_group_by_id(root, info, id):  # noqa
         group = Group.objects.filter(id=id)
 
-        if len(group) != 1:
-            return None
-
-        group = group.first()
+        if group.exists():
+            group = group.first()
 
-        if not info.context.user.has_perm("core.view_group", group):
-            raise PermissionDenied()
-        return group
+            if not info.context.user.has_perm("core.view_group_rule", group):
+                raise PermissionDenied()
+            return group
 
     def resolve_who_am_i(root, info, **kwargs):
         return info.context.user
-- 
GitLab