rdmorganiser · jochenklar · Oct 30, 2025 · Oct 21, 2025 · Oct 29, 2025 · Oct 30, 2025
diff --git a/rdmo/projects/assets/js/interview/components/main/page/Page.js b/rdmo/projects/assets/js/interview/components/main/page/Page.js
@@ -46,7 +46,12 @@ const Page = ({ config, settings, templates, overview, page, sets, values, fetch
     }
   }, [page.id])
 
-  const isManager = (overview.is_superuser || overview.is_editor || overview.is_reviewer)
+  const isManager = overview.permissions?.can_view_management
+  const disabled = (
+    !overview.permissions?.can_add_value ||
+    !overview.permissions?.can_change_value ||
+    !overview.permissions?.can_delete_value
+  )
 
   return (
     <div className="interview-page">
@@ -58,7 +63,7 @@ const Page = ({ config, settings, templates, overview, page, sets, values, fetch
         page={page}
         sets={sets.filter((set) => (set.set_prefix == currentSetPrefix) && (set.element == page))}
         values={isNil(page.attribute) ? [] : values.filter((value) => (value.attribute == page.attribute))}
-        disabled={overview.read_only}
+        disabled={disabled}
         currentSet={currentSet}
         activateSet={activateSet}
         createSet={createSet}
@@ -81,7 +86,7 @@ const Page = ({ config, settings, templates, overview, page, sets, values, fetch
                     questionset={element}
                     sets={sets}
                     values={values.filter((value) => element.attributes.includes(value.attribute))}
-                    disabled={overview.read_only}
+                    disabled={disabled}
                     isManager={isManager}
                     parentSet={currentSet}
                     createSet={createSet}
@@ -117,7 +122,7 @@ const Page = ({ config, settings, templates, overview, page, sets, values, fetch
                       value.set_prefix == currentSetPrefix &&
                       value.set_index != currentSetIndex
                     ))}
-                    disabled={overview.read_only}
+                    disabled={disabled}
                     isManager={isManager}
                     currentSet={currentSet}
                     createValue={createValue}

diff --git a/rdmo/projects/assets/js/interview/components/sidebar/Overview.js b/rdmo/projects/assets/js/interview/components/sidebar/Overview.js
@@ -7,7 +7,12 @@ import Html from 'rdmo/core/assets/js/components/Html'
 
 const Overview = ({ config, overview, help, configActions }) => {
 
-  const isManager = (overview.is_superuser || overview.is_editor || overview.is_reviewer)
+  const isManager = overview.permissions?.can_view_management
+  const readOnly = (
+    !overview.permissions?.can_add_value ||
+    !overview.permissions?.can_change_value ||
+    !overview.permissions?.can_delete_value
+  )
 
   const projectsUrl = `${baseUrl}/projects/`
   const projectUrl = `${baseUrl}/projects/${overview.id}`
@@ -44,7 +49,7 @@ const Overview = ({ config, overview, help, configActions }) => {
         }
 
         {
-          overview.read_only && (
+          readOnly && (
             <p>
               <span className="badge badge-read-only" title={gettext('You don\'t have write access to this project.')}>
                 {gettext('read only')}

diff --git a/rdmo/projects/serializers/v1/overview.py b/rdmo/projects/serializers/v1/overview.py
@@ -1,7 +1,6 @@
 from rest_framework import serializers
 
 from rdmo.core.serializers import MarkdownSerializerMixin
-from rdmo.management.rules import is_editor, is_reviewer
 from rdmo.projects.models import Project
 from rdmo.questions.models import Catalog
 
@@ -24,44 +23,26 @@ class Meta:
 class ProjectOverviewSerializer(serializers.ModelSerializer):
 
     catalog = CatalogSerializer()
-    read_only = serializers.SerializerMethodField()
 
-    is_superuser = serializers.SerializerMethodField()
-    is_editor = serializers.SerializerMethodField()
-    is_reviewer = serializers.SerializerMethodField()
+    permissions = serializers.SerializerMethodField()
 
     class Meta:
         model = Project
         fields = (
             'id',
             'title',
             'catalog',
-            'read_only',
-            'is_superuser',
-            'is_editor',
-            'is_reviewer',
+            'permissions',
             'created',
             'updated'
         )
 
-    def get_read_only(self, obj):
+    def get_permissions(self, obj):
         request = self.context.get('request')
-
         if request:
-            return not (request.user.has_perm('projects.add_value_object', obj) and
-                        request.user.has_perm('projects.change_value_object', obj) and
-                        request.user.has_perm('projects.delete_value_object', obj))
-        else:
-            return True
-
-    def get_is_superuser(self, obj):
-        request = self.context.get('request')
-        return request.user.is_superuser
-
-    def get_is_editor(self, obj):
-        request = self.context.get('request')
-        return is_editor(request.user)
-
-    def get_is_reviewer(self, obj):
-        request = self.context.get('request')
-        return is_reviewer(request.user)
+            return {
+                'can_add_value': request.user.has_perm('projects.add_value_object', obj),
+                'can_change_value': request.user.has_perm('projects.change_value_object', obj),
+                'can_delete_value': request.user.has_perm('projects.delete_value_object', obj),
+                'can_view_management': request.user.has_perm('management.view_management', obj)
+            }