From 58136f3c480e83573f492db73077eddcf6ffedef Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Wed, 9 Mar 2022 11:45:24 +0100
Subject: [PATCH] Fix permission checks in the /api/me view

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 apps/api/serializers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/api/serializers.py b/apps/api/serializers.py
index d6403dd1..0bae937f 100644
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@@ -60,12 +60,12 @@ class OAuthSerializer(serializers.ModelSerializer):
     def get_profile(self, obj):
         # Display the profile of the user only if we have rights to see it.
         return ProfileSerializer().to_representation(obj.profile) \
-            if PermissionBackend.has_perm(get_current_request(), obj.profile, 'view') else None
+            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
 
     def get_note(self, obj):
         # Display the note of the user only if we have rights to see it.
         return NoteSerializer().to_representation(obj.note) \
-            if PermissionBackend.has_perm(get_current_request(), obj.note, 'view') else None
+            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
 
     def get_memberships(self, obj):
         # Display only memberships that we are allowed to see.