From 5f309f54798b1a7a0fe6ef8060a8c9a77b3b6d04 Mon Sep 17 00:00:00 2001
From: Andrea Lepori <alepori@student.ethz.ch>
Date: Sat, 14 Aug 2021 11:38:40 +0200
Subject: fix RO documents visible for non group capi

---
 server/views.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'server/views.py')

diff --git a/server/views.py b/server/views.py
index 1cf3ac7..244bf60 100644
--- a/server/views.py
+++ b/server/views.py
@@ -40,11 +40,13 @@ def isStaff(user):
 
 # function to check if "aggiunto" has permission to view documents
 def isCapi_enabled(user):
-    group = user.groups.values_list('name', flat=True)[0]
+    groups = user.groups.values_list('name', flat=True)
+    group = groups[0]
     settings = GroupSettings.objects.filter(group__name=group)
-    if len(settings) == 0:
+    if len(settings) != 0 and "capi" in groups:
+        return settings[0].view_documents
+    else:
         return False
-    return settings[0].view_documents
 
 @user_passes_test(isStaff)
 def index(request):
-- 
cgit v1.2.1