From e6ddcfa720e411863a25345b7802878eddbf2ae6 Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Wed, 31 Jul 2024 14:40:50 -0400
Subject: [PATCH] fix: check for permission not if superuser to update a
 schedule

---
 program/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/program/views.py b/program/views.py
index bfc700fe..dcfc03ea 100644
--- a/program/views.py
+++ b/program/views.py
@@ -927,7 +927,7 @@ class APIScheduleViewSet(viewsets.ModelViewSet):
         them including notes.
         """
 
-        if not request.user.is_superuser:
+        if not self.request.user.has_perm("program.change_schedule"):
             return Response(status=status.HTTP_401_UNAUTHORIZED)
 
         if request.method == "PATCH":
-- 
GitLab