From 74753b6c3540c9bbceaa9a237a6a955512e1a99e Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz
Date: Tue, 10 Jan 2017 20:51:00 +0000
Subject: [PATCH] Added a guard against an instance of queryset filtering using an object without primary key. - Legacy-Id: 12640
---
 ietf/dbtemplate/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ietf/dbtemplate/views.py b/ietf/dbtemplate/views.py
index ec2a9bf3a..1e55fc11d 100644
--- a/ietf/dbtemplate/views.py
+++ b/ietf/dbtemplate/views.py
@@ -1,6 +1,8 @@
 from django.http import HttpResponseForbidden, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
+import debug # pyflakes:ignore
+
 from ietf.dbtemplate.models import DBTemplate
 from ietf.dbtemplate.forms import DBTemplateForm
 from ietf.group.models import Group
@@ -25,7 +27,7 @@ def template_edit(request, acronym, template_id, base_template='dbtemplate/templ
 chairs = group.role_set.filter(name__slug='chair')
 extra_context = extra_context or {}
- if not has_role(request.user, "Secretariat") and not chairs.filter(person__user=request.user).count():
+ if not has_role(request.user, "Secretariat") and not (request.user.id and chairs.filter(person__user=request.user).count()):
 return HttpResponseForbidden("You are not authorized to access this view")
 template = get_object_or_404(DBTemplate, id=template_id, group=group)
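Review bot: In the second hunk the new guard `request.user.id and chairs.filter(person__user=request.user).count()` expresses "the user is logged in" through the truthiness of a primary key, which leaves the intent of this authorization check implicit. Testing the authentication state directly and using `.exists()` states the intent and avoids a full COUNT: `request.user.is_authenticated and chairs.filter(person__user=request.user).exists()` (called as `is_authenticated()` on Django versions before 1.10). `has_role(request.user, "Secretariat")` is still evaluated first for the unauthenticated user; its body is not part of this patch, so it should be confirmed that it tolerates a user object without a primary key as well. The patch also adds no test that requests this view unauthenticated and asserts the 403 response. `template_edit` starts before and continues past the hunk, so any decorator on the view is not visible here.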