Return empty queryset for non authenticated users

Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
2019-09-22 21:15:31 -04:00
parent 4e6e4789e3
commit 1bc3b58d4e
1 changed files with 3 additions and 0 deletions
--- a/mayan/apps/acls/managers.py
+++ b/mayan/apps/acls/managers.py
@@ -239,6 +239,9 @@ class AccessControlListManager(models.Manager):
            )

    def restrict_queryset(self, permission, queryset, user):
+        if not user.is_authenticated():
+            return queryset.none()
+
        # Check directly granted permission via a role
        try:
            Permission.check_user_permissions(