From c92df8853684489c4d9b64ef8425c4b67d3e9612 Mon Sep 17 00:00:00 2001
From: Valentin Rigal <rigal@teklia.com>
Date: Mon, 14 Dec 2020 11:18:09 +0100
Subject: [PATCH] Handle anonymous user

---
 arkindex/project/mixins.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arkindex/project/mixins.py b/arkindex/project/mixins.py
index c805ccd753..94a41281c1 100644
--- a/arkindex/project/mixins.py
+++ b/arkindex/project/mixins.py
@@ -32,8 +32,15 @@ class ACLMixin(object):
         """
         Return a model queryset matching a given access level for this user
         """
+        # Handle specific cases (i.e. admin or anonymous user)
         if self.user.is_admin or self.user.is_internal:
             return model.objects.all()
+        elif user.is_anonymous:
+            if level > Role.Guest.value or not public:
+                return model.objects.none()
+            else:
+                return model.objects.filter(public=True)
+
         queryset = model.objects \
             .filter(
                 # Filter instances with direct and groups rights for this user (They may be duplicated)
-- 
GitLab