Merge pull request #696 from hms-dbmi/feature-4ce-dua

fix(projects): Fixed an issue on DataProject view with un-authenticat…
hms-dbmi · Aug 21, 2024 · aa81d56 · aa81d56
2 parents 0ce2f3a + c10b074
commit aa81d56
Showing 1 changed file with 14 additions and 12 deletions.
diff --git a/app/projects/views.py b/app/projects/views.py
@@ -800,7 +800,7 @@ def panel_institutional_official(self, context):
 
         try:
             # Check for an institutional official linked to this user
-            official = InstitutionalOfficial.objects.get(user=self.participant.user)
+            official = InstitutionalOfficial.objects.get(user=self.request.user)
 
             # Add to context
             additional_context["official"] = official
@@ -809,7 +809,7 @@ def panel_institutional_official(self, context):
 
         try:
             # Check for an institutional member linked to this user
-            member = InstitutionalMember.objects.get(user=self.participant.user)
+            member = InstitutionalMember.objects.get(email=self.request.user.email)
 
             # Add to context
             additional_context["member"] = member
@@ -933,16 +933,18 @@ def is_user_granted_access(self, context):
         """
         # Check for institutional access
         try:
-            member = InstitutionalMember.objects.get(official__project=self.project, email=self.request.user.email)
-            logger.debug(f"Institutional member found under official: {member.official.user.email}")
-
-            # Check if official has access
-            official_participant = Participant.objects.get(project=self.project, user=member.official.user)
-            if official_participant.permission == "VIEW":
-                logger.debug(f"Institutional official has access, granting access to member")
-                return True
-            else:
-                logger.debug(f"Institutional official does not have access")
+            # Only perform this check for authenticated users
+            if self.request.user.is_authenticated:
+                member = InstitutionalMember.objects.get(official__project=self.project, email=self.request.user.email)
+                logger.debug(f"Institutional member found under official: {member.official.user.email}")
+
+                # Check if official has access
+                official_participant = Participant.objects.get(project=self.project, user=member.official.user)
+                if official_participant.permission == "VIEW":
+                    logger.debug(f"Institutional official has access, granting access to member")
+                    return True
+                else:
+                    logger.debug(f"Institutional official does not have access")
 
         except ObjectDoesNotExist:
             logger.debug(f"No institutional member found")