From 11a83b1e80fa665eb75b635ec61909ab738cd15b Mon Sep 17 00:00:00 2001
From: Alexandre Bourlier <alexandre@happy-dev.fr>
Date: Sun, 16 Jun 2019 17:42:41 +0200
Subject: [PATCH] bugfix: AnonymousReadOnly

---
 djangoldp/permissions.py | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index 72e5cfb2..f3c63c3c 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -80,10 +80,10 @@ class InboxPermissions(WACPermissions):
             return super().has_object_permission(request, view, obj)
 
     def user_permissions(self, user, obj):
-        if user.is_anonymous:
+        if user.is_anonymous():
             return self.anonymous_perms
         else:
-            if Model.get_meta(obj, 'auto_author') == user:
+            if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == user:
                 return self.author_perms
             else:
                 return self.authenticated_perms
@@ -114,18 +114,15 @@ class AnonymousReadOnly(WACPermissions):
         elif view.action in ["list", "retrieve"]:
             return True
         elif view.action in ['update', 'partial_update', 'destroy']:
-            if hasattr(obj._meta, 'auto_author'):
-                author = getattr(obj, obj._meta.auto_author)
-                if author == request.user:
-                    return True
-        else:
-            return super().has_object_permission(request, view, obj)
+            if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == request.user:
+                return True
+        return super().has_object_permission(request, view, obj)
 
     def user_permissions(self, user, obj):
-        if user.is_anonymous:
+        if user.is_anonymous():
             return self.anonymous_perms
         else:
-            if Model.get_meta(obj, 'auto_author') == user:
+            if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == user:
                 return self.author_perms
             else:
                 return self.authenticated_perms
@@ -153,7 +150,7 @@ class LoggedReadOnly(WACPermissions):
             return super().has_object_permission(request, view, obj)
 
     def user_permissions(self, user, obj):
-        if user.is_anonymous:
+        if user.is_anonymous():
             return self.anonymous_perms
         else:
             return self.authenticated_perms
-- 
GitLab