ILL request: fix permissions

* Fixes permissions when the current user has librarian AND patron roles, thus preventing him or her to view/edit an ILL requests on the professional interface. * Closes #1709. Co-Authored-by: Renaud Michotte <[email protected]>
rero · Mar 3, 2021 · 6281165 · 6281165
1 parent 30bf6ec
commit 6281165
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/rero_ils/modules/ill_requests/permissions.py b/rero_ils/modules/ill_requests/permissions.py
@@ -46,14 +46,14 @@ def read(cls, user, record):
         :return: True is action can be done.
         """
         if current_patron:
-            # patron an only read their own requests
-            if current_patron.is_patron:
-                return record.patron_pid == current_patron.pid
             # staff member (lib, sys_lib) can always read request from their
             # own organisation
             if current_patron.is_librarian:
                 return current_organisation.pid \
                        == ILLRequest(record).organisation_pid
+            # patron can only read their own requests
+            if current_patron.is_patron:
+                return record.patron_pid == current_patron.pid
         return False
 
     @classmethod