From 1bc3b58d4eaae1c3f43afa94c036ac72b6c55b0e Mon Sep 17 00:00:00 2001
From: Roberto Rosario <roberto.rosario@mayan-edms.com>
Date: Sun, 22 Sep 2019 21:15:31 -0400
Subject: [PATCH] Return empty queryset for non authenticated users

Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
---
 mayan/apps/acls/managers.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mayan/apps/acls/managers.py b/mayan/apps/acls/managers.py
index 2bc9f457ff..0cb07b5987 100644
--- a/mayan/apps/acls/managers.py
+++ b/mayan/apps/acls/managers.py
@@ -239,6 +239,9 @@ class AccessControlListManager(models.Manager):
             )
 
     def restrict_queryset(self, permission, queryset, user):
+        if not user.is_authenticated():
+            return queryset.none()
+
         # Check directly granted permission via a role
         try:
             Permission.check_user_permissions(