From b790426881a4f98cb79723277a81f1ea6bf66691 Mon Sep 17 00:00:00 2001
From: Ernst Odolphi <ernst@onepercentclub.com>
Date: Wed, 20 Jan 2016 14:01:45 +0100
Subject: [PATCH 1/3] Fix IsOrderCreator working for orders, payments and
 donations

---
 bluebottle/bb_orders/permissions.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/bluebottle/bb_orders/permissions.py b/bluebottle/bb_orders/permissions.py
index 86b8679a6a..d0b4622a2d 100644
--- a/bluebottle/bb_orders/permissions.py
+++ b/bluebottle/bb_orders/permissions.py
@@ -27,10 +27,8 @@ class IsOrderCreator(permissions.BasePermission):
     """
 
     def has_object_permission(self, request, view, obj):
-        # Use duck typing to check if we have an order or a payment.
-        if hasattr(obj, 'user'):
-            order = obj
-        else:
+        # Use duck typing to check if we have an order or a payment/donation.
+        if hasattr(obj, 'order'):
             order = obj.order
 
         # Permission is granted if:

From b4fbfab2bc26562e54468a79e7588495bb090acb Mon Sep 17 00:00:00 2001
From: Ernst Odolphi <ernst@onepercentclub.com>
Date: Wed, 20 Jan 2016 15:09:12 +0100
Subject: [PATCH 2/3] ... And fix silly mistake

---
 bluebottle/bb_orders/permissions.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bluebottle/bb_orders/permissions.py b/bluebottle/bb_orders/permissions.py
index d0b4622a2d..a658445eb2 100644
--- a/bluebottle/bb_orders/permissions.py
+++ b/bluebottle/bb_orders/permissions.py
@@ -30,6 +30,8 @@ def has_object_permission(self, request, view, obj):
         # Use duck typing to check if we have an order or a payment/donation.
         if hasattr(obj, 'order'):
             order = obj.order
+        else:
+            order = order
 
         # Permission is granted if:
         #   * the order user is the logged in user

From 7c8a5c3a7546796d12cc329beaa89ecadfcb1993 Mon Sep 17 00:00:00 2001
From: Ernst Odolphi <ernst@onepercentclub.com>
Date: Wed, 20 Jan 2016 15:20:19 +0100
Subject: [PATCH 3/3] ... And fix silly mistake

---
 bluebottle/bb_orders/permissions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bluebottle/bb_orders/permissions.py b/bluebottle/bb_orders/permissions.py
index a658445eb2..17fd01125a 100644
--- a/bluebottle/bb_orders/permissions.py
+++ b/bluebottle/bb_orders/permissions.py
@@ -31,7 +31,7 @@ def has_object_permission(self, request, view, obj):
         if hasattr(obj, 'order'):
             order = obj.order
         else:
-            order = order
+            order = obj
 
         # Permission is granted if:
         #   * the order user is the logged in user