From b95360e07e15b742252a66fd1801c9d3a3af9846 Mon Sep 17 00:00:00 2001 From: Brad Campbell Date: Thu, 6 Jun 2019 17:01:18 -0400 Subject: [PATCH] fix permission for event undo managers can undo restocks. this should have been included with the previous change concerning fixing manager permissions. --- chezbetty/views_admin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chezbetty/views_admin.py b/chezbetty/views_admin.py index 81b9a03..1682adf 100644 --- a/chezbetty/views_admin.py +++ b/chezbetty/views_admin.py @@ -3406,13 +3406,13 @@ def admin_event_receipt(request): @view_config(route_name='admin_event_undo', - permission='admin') + permission='manage') def admin_event_undo(request): try: # Lookup the transaction that the user wants to undo event = Event.from_id(request.matchdict['event_id']) - # Mangers can only see restocks. + # Mangers can only undo restocks. if event.type != 'restock' and not request.has_permission('admin'): raise Exception('Not authorized to undo this event.')