From 4a5c3ade8e1ac9ed62e01ee7db615782e6b8144e Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Thu, 1 Aug 2024 10:56:26 -0400
Subject: [PATCH] fix: check against the new named permissions

---
 program/serializers.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/program/serializers.py b/program/serializers.py
index 140b02d3..1f17d0de 100644
--- a/program/serializers.py
+++ b/program/serializers.py
@@ -434,16 +434,16 @@ class ProfileSerializer(serializers.ModelSerializer):
         user_permissions = set(
             permission.split("__")[-1]
             for permission in user.get_all_permissions()
-            if permission.startswith("program.edit__host")
+            if permission.startswith("program.edit__profile")
         )
         update_fields = set(validated_data.keys())
 
-        # having the update_host permission overrides the ownership
-        if not (user.has_perm("program.update_host") or (user_is_owner and user_permissions)):
+        # having the update_profile permission overrides the ownership
+        if not (user.has_perm("program.update_profile") or (user_is_owner and user_permissions)):
             raise exceptions.PermissionDenied(detail="You are not allowed to update this host.")
 
-        # without the update_host permission, fields without edit permission are not allowed
-        if not user.has_perm("program.update_host") and (
+        # without the update_profile permission, fields without edit permission are not allowed
+        if not user.has_perm("program.update_profile") and (
             not_allowed := update_fields.difference(user_permissions)
         ):
             detail = {field: "You are not allowed to edit this field" for field in not_allowed}
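Review bot: The filter `permission.startswith("program.edit__profile")` matches a bare prefix with no trailing delimiter, so any codename that merely begins with `edit__profile` (a constructed example: `edit__profile_x__name`) would add its last `__` segment to `user_permissions` and authorise that field. Assuming the codenames have the form `edit__profile__<field>`, as the `split("__")[-1]` suggests, anchoring the prefix with `if permission.startswith("program.edit__profile__")` keeps the per-field allow-list limited to profile permissions. Whether a colliding codename exists today is not visible from this hunk. The unchanged line that raises `PermissionDenied` still says "You are not allowed to update this host." and should say "profile" to match the renamed permission. The enclosing method starts and ends outside the hunk.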
-- 
GitLab