From bce12fd650b7b031584ba6e5ea79aa10edc35682 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Tue, 26 Mar 2024 17:30:18 -0400
Subject: [PATCH] feat: check for permissions insted of is_superuser

---
 program/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/program/views.py b/program/views.py
index 83fca058..9ea46433 100644
--- a/program/views.py
+++ b/program/views.py
@@ -724,7 +724,7 @@ class APINoteViewSet(
 
         user = self.request.user
 
-        if self.request.method in permissions.SAFE_METHODS or user.is_superuser:
+        if self.request.method in permissions.SAFE_METHODS or user.has_perm("update_note"):
             return Note.objects.all()
         else:
             return Note.objects.filter(timeslot__schedule__show__owners=user)
-- 
GitLab