From c10b074888b37b30596703549f34a58b6d2f9e82 Mon Sep 17 00:00:00 2001
From: Bryan Larson <bryan_larson@hms.harvard.edu>
Date: Wed, 21 Aug 2024 14:02:40 -0600
Subject: [PATCH] fix(projects): Fixed an issue on DataProject view with
 un-authenticated user

---
 app/projects/views.py | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/app/projects/views.py b/app/projects/views.py
index 7d74c4c..82a18ba 100644
--- a/app/projects/views.py
+++ b/app/projects/views.py
@@ -800,7 +800,7 @@ def panel_institutional_official(self, context):
 
         try:
             # Check for an institutional official linked to this user
-            official = InstitutionalOfficial.objects.get(user=self.participant.user)
+            official = InstitutionalOfficial.objects.get(user=self.request.user)
 
             # Add to context
             additional_context["official"] = official
@@ -809,7 +809,7 @@ def panel_institutional_official(self, context):
 
         try:
             # Check for an institutional member linked to this user
-            member = InstitutionalMember.objects.get(user=self.participant.user)
+            member = InstitutionalMember.objects.get(email=self.request.user.email)
 
             # Add to context
             additional_context["member"] = member
@@ -933,16 +933,18 @@ def is_user_granted_access(self, context):
         """
         # Check for institutional access
         try:
-            member = InstitutionalMember.objects.get(official__project=self.project, email=self.request.user.email)
-            logger.debug(f"Institutional member found under official: {member.official.user.email}")
-
-            # Check if official has access
-            official_participant = Participant.objects.get(project=self.project, user=member.official.user)
-            if official_participant.permission == "VIEW":
-                logger.debug(f"Institutional official has access, granting access to member")
-                return True
-            else:
-                logger.debug(f"Institutional official does not have access")
+            # Only perform this check for authenticated users
+            if self.request.user.is_authenticated:
+                member = InstitutionalMember.objects.get(official__project=self.project, email=self.request.user.email)
+                logger.debug(f"Institutional member found under official: {member.official.user.email}")
+
+                # Check if official has access
+                official_participant = Participant.objects.get(project=self.project, user=member.official.user)
+                if official_participant.permission == "VIEW":
+                    logger.debug(f"Institutional official has access, granting access to member")
+                    return True
+                else:
+                    logger.debug(f"Institutional official does not have access")
 
         except ObjectDoesNotExist:
             logger.debug(f"No institutional member found")