From 0d1832dc0d8e4736d31b731cac208e703d0078a9 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Sat, 22 Dec 2018 16:07:28 +0100
Subject: [PATCH] Stopgap fix for lack fo permissions check on organistions

---
 pgweb/core/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pgweb/core/views.py b/pgweb/core/views.py
index f04a7683..674e36f3 100644
--- a/pgweb/core/views.py
+++ b/pgweb/core/views.py
@@ -1,4 +1,4 @@
-from django.shortcuts import render
+from django.shortcuts import render, get_object_or_404
 from django.http import HttpResponse, Http404, HttpResponseRedirect
 from django.http import HttpResponseNotModified
 from django.template import TemplateDoesNotExist, loader
@@ -126,6 +126,8 @@ def fallback(request, url):
 # Edit-forms for core objects
 @login_required
 def organisationform(request, itemid):
+	get_object_or_404(Organisation, pk=itemid, managers=request.user)
+
 	return simple_form(Organisation, itemid, request, OrganisationForm,
 					   redirect='/account/edit/organisations/')
 
-- 
2.39.5