From 8c6086702c9cfe9e10b23fb162ee0dd7dad3011b Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Mon, 28 Oct 2024 14:28:29 -0400
Subject: [PATCH] feat: redact internal note for requests without the
 permission

---
 program/serializers.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/program/serializers.py b/program/serializers.py
index ec81192c..08ecfcb8 100644
--- a/program/serializers.py
+++ b/program/serializers.py
@@ -652,6 +652,8 @@ class ShowSerializer(serializers.HyperlinkedModelSerializer):
 
         if not self.context.get("request").user.is_authenticated:
             del representation["email"]
+        elif not self.context.get("request").user.has_perm("display__show__internal_note"):
+            del representation["internal_note"]
 
         return representation
 
-- 
GitLab