From 758ab532bfa2fc8110f04cfa1daf817cdc67aa2c Mon Sep 17 00:00:00 2001
From: Hangzhi Yu <hangzhi@protonmail.com>
Date: Fri, 3 Jan 2025 15:37:26 +0100
Subject: [PATCH] Add proper permission checking to personal note type

---
 aleksis/apps/alsijil/schema/personal_note.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/aleksis/apps/alsijil/schema/personal_note.py b/aleksis/apps/alsijil/schema/personal_note.py
index 7a9e20eda..f902639f7 100644
--- a/aleksis/apps/alsijil/schema/personal_note.py
+++ b/aleksis/apps/alsijil/schema/personal_note.py
@@ -26,6 +26,14 @@ class PersonalNoteType(
             "documentation",
         )
 
+    @staticmethod
+    def resolve_can_edit(root: NewPersonalNote, info, **kwargs):
+        return info.context.user.has_perm("alsijil.edit_personal_note_rule", root)
+
+    @staticmethod
+    def resolve_can_delete(root: NewPersonalNote, info, **kwargs):
+        return info.context.user.has_perm("alsijil.edit_personal_note_rule", root)
+
 
 class PersonalNoteBatchCreateMutation(BaseBatchCreateMutation):
     class Meta:
-- 
GitLab