diff --git a/rdmo/projects/permissions.py b/rdmo/projects/permissions.py index e6d114be1f..3d3adcbbe4 100644 --- a/rdmo/projects/permissions.py +++ b/rdmo/projects/permissions.py @@ -12,17 +12,17 @@ def has_permission(self, request, view): # for retrieve, update, partial_update, the permission will be checked on the # object level (in the next step) return True + + if view.action == 'list': + # list is allowed for every user since the filtering is done in the queryset + return True + + if 'create' in view.action_map.values(): + # for create, check the permission (from rules.py), + # but only if it is not a ReadOnlyValueSet (i.e. only for ProjectViewSet) + return super().has_permission(request, view) else: - if view.action == 'list': - # list is allowed for every user since the filtering is done in the queryset - return True - else: - if 'create' in view.action_map.values(): - # for create, check the permission (from rules.py), - # but only if it is not a ReadOnlyValueSet (i.e. only for ProjectViewSet) - return super().has_permission(request, view) - else: - return True + return True @log_result def has_object_permission(self, request, view, obj): diff --git a/rdmo/projects/rules.py b/rdmo/projects/rules.py index 52849c427b..d0b494f609 100644 --- a/rdmo/projects/rules.py +++ b/rdmo/projects/rules.py @@ -7,14 +7,14 @@ @rules.predicate def can_add_project(user): - if settings.PROJECT_CREATE_RESTRICTED: - if settings.PROJECT_CREATE_GROUPS: - return user.groups.filter(name__in=settings.PROJECT_CREATE_GROUPS).exists() - else: - return False - else: + if not settings.PROJECT_CREATE_RESTRICTED: return True + if settings.PROJECT_CREATE_GROUPS: + return user.groups.filter(name__in=settings.PROJECT_CREATE_GROUPS).exists() + else: + return False + @rules.predicate def is_project_member(user, project):