permissions: fix error message for users

When a user that doesn't have the patron, librarian or system librarian role, the message "Permission required" is displayed instead of "Internal server error". * Closes #1508 Co-Authored-by: Bertrand Zuchuat <[email protected]>
rero · Dec 1, 2020 · 9726ad9 · 9726ad9
1 parent f6c73a8
commit 9726ad9
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/rero_ils/permissions.py b/rero_ils/permissions.py
@@ -89,10 +89,10 @@ def decorated_view(*args, **kwargs):
             return current_app.login_manager.unauthorized()
         else:
             patron = Patron.get_patron_by_user(current_user)
-            if patron.is_librarian or patron.is_system_librarian:
-                return func(*args, **kwargs)
-            else:
+            if not patron or (not patron.is_librarian and
+                              not patron.is_system_librarian):
                 abort(403)
+            return func(*args, **kwargs)
     return decorated_view