fix: perm validation for geo user w/o org unit

Refs: IA-3713
BLSQ · Nov 25, 2024 · 9369ca1 · 9369ca1
2 parents ce924e8 + 62af3b0
commit 9369ca1
Show file tree

Hide file tree

Showing 2 changed files with 162 additions and 139 deletions.
diff --git a/iaso/api/profiles/profiles.py b/iaso/api/profiles/profiles.py
@@ -665,17 +665,18 @@ def validate_org_units(self, request, profile) -> QuerySet[OrgUnit]:
         if request.user.has_perm(permission.USERS_MANAGED):
             profile_org_units = request.user.iaso_profile.org_units.all()
             managed_org_units = OrgUnit.objects.hierarchy(profile_org_units).values_list("id", flat=True)
-            for org_unit_id in org_unit_ids:
-                if (
-                    org_unit_id not in managed_org_units
-                    and org_unit_id not in existing_org_unit_ids
-                    and not request.user.is_superuser
-                ):
-                    raise PermissionDenied(
-                        f"User with {permission.USERS_MANAGED} cannot assign an OrgUnit outside of their own health "
-                        f"pyramid. Trying to assign {org_unit_id}."
-                    )
-                filtered_org_unit_ids.append(org_unit_id)
+            if profile_org_units.exists():
+                for org_unit_id in org_unit_ids:
+                    if (
+                        org_unit_id not in managed_org_units
+                        and org_unit_id not in existing_org_unit_ids
+                        and not request.user.is_superuser
+                    ):
+                        raise PermissionDenied(
+                            f"User with {permission.USERS_MANAGED} cannot assign an OrgUnit outside of their own health "
+                            f"pyramid. Trying to assign {org_unit_id}."
+                        )
+                    filtered_org_unit_ids.append(org_unit_id)
 
         valid_ids = filtered_org_unit_ids or org_unit_ids
         org_units = OrgUnit.objects.filter(id__in=valid_ids)