diff --git a/apps/member/views.py b/apps/member/views.py
index 19be50ec0f79d24960023cf9a916723d20244131..73569c89cbfeb684933900d8124884cce8def507 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -70,10 +70,11 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
 form.fields['email'].required = True
 form.fields['email'].help_text = _("This address must be valid.")
- context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
- data=self.request.POST if self.request.POST else None)
- if not self.object.profile.report_frequency:
- del context['profile_form'].fields["last_report"]
+ if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile):
+ context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
+ data=self.request.POST if self.request.POST else None)
+ if not self.object.profile.report_frequency:
+ del context['profile_form'].fields["last_report"]
 return context
diff --git a/apps/permission/views.py b/apps/permission/views.py
index d76a23510231eb889a82373a4a68718b9f2c655e..d77133d627e103b515bc3a1ea6a5c6c70ff9bbad 100644
--- a/apps/permission/views.py
+++ b/apps/permission/views.py
@@ -51,8 +51,10 @@ class ProtectQuerysetMixin:
 # No worry if the user change the hidden fields: a 403 error will be performed if the user tries to make
 # a custom request.
 # We could also delete the field, but some views might be affected.
+ meta = form.instance._meta
 for key in form.base_fields:
- if not PermissionBackend.check_perm(self.request.user, "wei.change_weiregistration_" + key, self.object):
+ if not PermissionBackend.check_perm(self.request.user,
+ f"{meta.app_label}.change_{meta.model_name}_" + key, self.object):
 form.fields[key].widget = HiddenInput()
 return form
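Review bot: In `apps/member/views.py`, the new `member.change_profile` check only decides whether `profile_form` is placed in the template context, so it hides the form without refusing the write. The code that handles the submitted POST is outside this hunk; if it reads `context['profile_form']` unconditionally, a user without the permission would get a `KeyError` on submit. If it builds the profile form itself, it needs the same `check_perm` call before saving. Reading it with `context.get('profile_form')` and skipping the profile save when it is `None` would cover the first case. A comment above the guard, such as `# Display-only gate: the profile write is authorised in <handler>`, would tell the next reader where enforcement lives. The enclosing method starts before the hunk.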
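Review bot: In `apps/permission/views.py`, the codename is now built from `form.instance._meta` while the permission is still evaluated against `self.object`, so the model named in the codename and the object being checked can differ whenever a view's form is not bound to `self.object`. Taking both from the same source, for example `meta = self.object._meta` if `self.object` is always set here, would keep them aligned; the rest of the method is outside the hunk, so this needs confirming. `HiddenInput()` still renders the field's current value into the page and accepts it back on submit, so this loop is presentation only and depends entirely on the server-side 403 the comment mentions; naming where that check happens in the comment would help. The mixed f-string and concatenation can be a single literal: `f"{meta.app_label}.change_{meta.model_name}_{key}"`.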