From 3e3cbfab742c4d1132821355cf5b127b28aac4c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Sun, 9 Jul 2023 14:03:47 +0900
Subject: [PATCH] fix AnonymousUser permissions

---
 lectures/templates/lectures/view_lecture.html | 16 +++++++++-------
 lectures/views.py                             | 10 ++++++++--
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/lectures/templates/lectures/view_lecture.html b/lectures/templates/lectures/view_lecture.html
index 932a2f0..28217eb 100644
--- a/lectures/templates/lectures/view_lecture.html
+++ b/lectures/templates/lectures/view_lecture.html
@@ -44,13 +44,15 @@
         {% endif %}
     </div>
 
-    <script>
-        window.isRegistered = {% if user|is_registered:lecture %}
-            true
-        {% else %}
-            false
-        {% endif %};
-    </script>
+    {% if user.is_authenticated %}
+        <script>
+            window.isRegistered = {% if user|is_registered:lecture %}
+                true
+            {% else %}
+                false
+            {% endif %};
+        </script>
+    {% endif %}
 
     <div class="flex flex-col gap-2 my-4 py-4 border-y border-gray-200">
         <div class="flex justify-between gap-2 text-lg text-gray-600">
diff --git a/lectures/views.py b/lectures/views.py
index 2d3a2e2..1b579d4 100644
--- a/lectures/views.py
+++ b/lectures/views.py
@@ -79,7 +79,10 @@ def get_lectures(request, filter=None, get_exceptions: bool = True) -> tuple:
                 )
             )
             & (
-                models.Q(user_groups__in=request.user.groups.all())
+                (
+                    models.Q(user_groups__in=request.user.groups.all())
+                    | models.Q(user_groups=None)
+                )
                 if not request.user.is_superuser
                 else models.Q(id__isnull=False)  # Always True
             )
@@ -136,7 +139,10 @@ def view_group_lectures(request, group_id: int):
     group_id_exists = group.exists()
 
     if not request.user.is_superuser:
-        group = group.filter(models.Q(user_groups__in=request.user.groups.all()))
+        group = group.filter(
+            models.Q(user_groups__in=request.user.groups.all())
+            | models.Q(user_groups=None)
+        )
 
     if not group.exists():
         if not group_id_exists:  # Doesn't exist at all
-- 
GitLab