I've checked tests and there is no case when this situation is tested.
Fix will be really simple because it looks like this particular condition was overlooked in some kind of refactoring:
# include all perms if user is the owner of this resource
if instance.owner_user_id == user.id:
perms.append(
PermissionTuple(user, ALL_PERMISSIONS, "user", None, instance, True, True) # Missing positional argument
)
Hi,
When requesting user is the owner of the resource, an incorrect tuple is about to be created.
Trival steps to reproduce the error. If it will not enough I will add some more code.
Causes:
I've checked tests and there is no case when this situation is tested. Fix will be really simple because it looks like this particular condition was overlooked in some kind of refactoring:
Affected version: