From 9984dbf4fc770a76405bc11d6cd50ddf003d6cd4 Mon Sep 17 00:00:00 2001
From: Renaud Michotte <renaud.michotte@gmail.com>
Date: Mon, 22 Feb 2021 15:06:40 +0100
Subject: [PATCH] ILL request: fix permissions

* Fixes permissions when the current user has librarian AND patron
  roles, thus preventing him or her to view/edit an ILL requests on the
  professional interface.
* Closes rero/rero-ils#1709.

Co-Authored-by: Renaud Michotte <renaud.michotte@gmail.com>
---
 rero_ils/modules/ill_requests/permissions.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rero_ils/modules/ill_requests/permissions.py b/rero_ils/modules/ill_requests/permissions.py
index baf8b107b5..7171f53c5f 100644
--- a/rero_ils/modules/ill_requests/permissions.py
+++ b/rero_ils/modules/ill_requests/permissions.py
@@ -46,14 +46,14 @@ def read(cls, user, record):
         :return: True is action can be done.
         """
         if current_patron:
-            # patron an only read their own requests
-            if current_patron.is_patron:
-                return record.patron_pid == current_patron.pid
             # staff member (lib, sys_lib) can always read request from their
             # own organisation
             if current_patron.is_librarian:
                 return current_organisation.pid \
                        == ILLRequest(record).organisation_pid
+            # patron can only read their own requests
+            if current_patron.is_patron:
+                return record.patron_pid == current_patron.pid
         return False
 
     @classmethod