From c99d961ef1295eb01ec5f286f12584b11ca5b3bb Mon Sep 17 00:00:00 2001
From: Yann Sionneau
Date: Wed, 10 Jun 2020 22:56:27 +0200
Subject: [PATCH] Correctly check for permissions on user owned petitions for transferring petitions
---
 pytition/petition/views.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pytition/petition/views.py b/pytition/petition/views.py
index ce6b6d1e..624631ae 100644
--- a/pytition/petition/views.py
+++ b/pytition/petition/views.py
@@ -1623,6 +1623,9 @@ def transfer_petition(request, petition_id):
 messages.error(request, _("You don't have the permission to transfer a petition from Organization '{}'"
 .format(petition.owner)))
 return redirect("org_dashboard", petition.owner)
+ elif petition.owner_type == "user" and petition.user != pytitionuser:
+ messages.error(request, _("You don't have the permission to transfer this petition"))
+ return redirect("user_dashboard")
 if petition.owner_type == "org":
 ctx['base_template'] = 'petition/org_base.html'
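Review bot: The new `elif petition.owner_type == "user" and petition.user != pytitionuser:` branch closes the gap for user-owned petitions, but the permission chain still has no final `else`, so a petition whose `owner_type` is neither "org" nor "user" would fall through to the transfer logic unchecked. Whether such a value can occur is not visible in this hunk, but an authorization gate is safer written as deny-by-default, for example by ending the chain with `elif petition.owner_type != "user": return redirect("user_dashboard")`. The diffstat shows only views.py changed, so the fix ships without a regression test; one that logs in as a second user, requests the transfer of another user's petition and asserts both the redirect and the unchanged owner would keep this check from being lost later. transfer_petition starts and ends outside the hunk, so it is worth confirming that no state-changing code runs before this gate.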