From 5cefdb44fa3e76f84d06f9f6cc6e587f119221db Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 17 Nov 2015 11:34:40 +0100
Subject: [PATCH] api: admin can access all formdatas (#9005)
---
 wcs/api.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wcs/api.py b/wcs/api.py
index c63607a..874669d 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -149,6 +149,8 @@ class ApiFormdataPage(FormStatusPage):
 if get_request().user and get_request().user.is_admin:
 return # grant access to admins, to ease debug
 raise AccessForbiddenError()
+ if api_user.is_admin:
+ return
 if not self.formdef.is_user_allowed_read_status_and_history(api_user, self.filled):
 raise AccessForbiddenError()
@@ -171,6 +173,8 @@ class ApiFormPage(BackofficeFormPage):
 if get_request().user and get_request().user.is_admin:
 return # grant access to admins, to ease debug
 raise AccessForbiddenError()
+ if api_user.is_admin:
+ return
 if not self.formdef.is_of_concern_for_user(api_user):
 raise AccessForbiddenError()
-- 
2.1.4
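Review bot: The new `if api_user.is_admin: return` in ApiFormdataPage (and the identical addition in the ApiFormPage hunk) skips the per-form checks entirely, yet it carries no comment, and the commit touches only wcs/api.py, so no test pins down that a non-admin api_user is still refused. Because this is an authorization bypass, I would document it in place, e.g. `if api_user.is_admin:  # admins may read every formdata through the API (#9005)`, and add a test covering both the admin and the non-admin path. How api_user is resolved lies outside the hunks; if it is derived from a value the calling API client supplies, the admin shortcut extends to every client able to designate an admin user, so that resolution should be checked before merging. Both method bodies start above the visible hunks.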