Request: fix permissions

If the current user had role librarian AND role patron, it couln't view/edit an ILL requests into the admin interface. Closes #1709. Co-Authored-by: Renaud Michotte <[email protected]>
rero · Feb 22, 2021 · f6c99b2 · f6c99b2
1 parent 2955915
commit f6c99b2
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/rero_ils/modules/ill_requests/permissions.py b/rero_ils/modules/ill_requests/permissions.py
@@ -46,14 +46,14 @@ def read(cls, user, record):
         :return: True is action can be done.
         """
         if current_patron:
-            # patron an only read their own requests
-            if current_patron.is_patron:
-                return record.patron_pid == current_patron.pid
             # staff member (lib, sys_lib) can always read request from their
             # own organisation
             if current_patron.is_librarian:
                 return current_organisation.pid \
                        == ILLRequest(record).organisation_pid
+            # patron an only read their own requests
+            if current_patron.is_patron:
+                return record.patron_pid == current_patron.pid
         return False
 
     @classmethod