From cabac18f33119b6c84dafb71163ae82940471a4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Tue, 11 Oct 2016 14:15:04 +0200
Subject: [PATCH] Prevent 403 when user doesn't have access enough to fetch
 project users.

---
 attract/tasks/routes.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/attract/tasks/routes.py b/attract/tasks/routes.py
index 25bc8a0..1e481c7 100644
--- a/attract/tasks/routes.py
+++ b/attract/tasks/routes.py
@@ -5,6 +5,7 @@ import flask
 import flask_login
 
 import pillarsdk
+import pillarsdk.exceptions as sdk_exceptions
 from pillar.web.system_util import pillar_api
 import pillar.api.utils
 
@@ -60,8 +61,11 @@ def view_task(project, attract_props, task_id):
     task = pillarsdk.Node.find(task_id, api=api)
     node_type = project.get_node_type(node_type_task['name'])
     # Fetch project users so that we can assign them tasks
-    users = project.get_users(api=api)
-    project.users = users['_items']
+    try:
+        users = project.get_users(api=api)
+        project.users = users['_items']
+    except sdk_exceptions.ForbiddenAccess:
+        project.users = []
 
     return render_template('attract/tasks/view_task_embed.html',
                            task=task,