From 13dc6fea8eeb05239f056ae3280fcc1f67da01ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Wed, 24 Jan 2018 14:57:30 +0100
Subject: [PATCH] Don't do DB query to inspect current user.

This is especially important for IP ranges on Organizations, which can change user roles on the fly in memory.
---
 attract/auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/attract/auth.py b/attract/auth.py
index 24a017f..bb9a598 100644
--- a/attract/auth.py
+++ b/attract/auth.py
@@ -33,9 +33,9 @@ class Auth(object):
 def current_user_is_attract_user(self) -> bool:
 """Returns True iff the current user has Attract User role."""
- from pillar.api.utils.authentication import current_user_id
+ from pillar.auth import current_user
- return self.user_is_attract_user(current_user_id())
+ return current_user.has_cap('attract-use')
 def user_is_attract_user(self, user_id: bson.ObjectId) -> bool:
 """Returns True iff the user has Attract User role."""
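Review bot: The docstring of `current_user_is_attract_user` still says the check is for the Attract User role, but the new return line tests the `'attract-use'` capability on the in-memory `current_user`, so the documented contract no longer matches the authorization decision; I would change it to `"""Returns True iff the current user has the 'attract-use' capability."""`. The sibling `user_is_attract_user(user_id)` (its body is outside this hunk) presumably still does the role lookup in the database, so the two methods can now disagree for the same user, for example when an organization IP range grants a role only in memory as the commit message describes. It is worth checking that no remaining caller passes the current user's id to `user_is_attract_user` for an access decision, and that `has_cap` returns False for an anonymous `current_user`.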