Correct handling of special authentications in the mixin

arkindex/project/mixins.py

@@ -51,13 +51,18 @@ class ACLMixin(object):
         self._check_level(level)
         include_public = level <= Role.Guest.value and self._has_public_field(model)
 
-        # Handle specific cases (i.e. admin or anonymous user)
-        if self.user.is_admin or self.user.is_internal:
-            return model.objects.all().annotate(max_level=Value(Role.Admin.value))
-        elif self.user.is_anonymous:
+        # Handle special authentications
+        if self.user.is_anonymous:
+            # Anonymous users have Guest access on public instances only
             if not include_public:
                 return model.objects.none()
-            return self.get_public_instances(model, Role.Guest.value)
+            return self.get_public_instances(model, Role.Guest.value) \
+                .order_by(*self.mixin_order_by_fields, 'id')
+        elif self.user.is_admin or self.user.is_internal:
+            # Superusers have an Admin access to all corpora
+            return model.objects.all() \
+                .annotate(max_level=Value(Role.Admin.value, IntegerField())) \
+                .order_by(*self.mixin_order_by_fields, 'id')
 
         # Filter users rights and annotate the resulting level for those rights
         queryset = model.objects \