From 7b8f1386718efff49465b0f0df88fe4d6dbce172 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Wed, 14 Feb 2024 15:54:13 -0400
Subject: [PATCH] fix: replace privileged user with superuser. the last time

---
 program/views.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/program/views.py b/program/views.py
index 187cd2ed..c8987d96 100644
--- a/program/views.py
+++ b/program/views.py
@@ -593,7 +593,7 @@ class APIScheduleViewSet(
         them including notes.
         """
 
-        if not request.user.groups.filter(name=settings.PRIVILEGED_GROUP).exists():
+        if not request.user.is_superuser:
             return Response(status=status.HTTP_401_UNAUTHORIZED)
 
         # Only allow updating when with the `schedule` JSON object
@@ -721,10 +721,7 @@ class APINoteViewSet(
 
         user = self.request.user
 
-        if (
-            self.request.method in permissions.SAFE_METHODS
-            or user.groups.filter(name=settings.PRIVILEGED_GROUP).exists()
-        ):
+        if self.request.method in permissions.SAFE_METHODS or user.is_superuser:
             return Note.objects.all()
         else:
             return Note.objects.filter(timeslot__schedule__show__owners=user)
-- 
GitLab