From e7bf24cf10da8491e20ab947067b653868639fe3 Mon Sep 17 00:00:00 2001
From: Guillaume Pellerin
Date: Fri, 15 May 2026 16:38:46 +0200
Subject: [PATCH] restrict profile view to own user
---
 lib/pdfannotator | 2 +-
 teleforma/views/crfpa.py | 20 +++++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/lib/pdfannotator b/lib/pdfannotator
index 70e1f183..1f161760 160000
--- a/lib/pdfannotator
+++ b/lib/pdfannotator
@@ -1 +1 @@
-Subproject commit 70e1f1833f63cb9105659b431357be580cdfc659
+Subproject commit 1f161760779798d79a9c0c073f15044c2bcc6e46
diff --git a/teleforma/views/crfpa.py b/teleforma/views/crfpa.py
index 1fca611c..738110e4 100644
--- a/teleforma/views/crfpa.py
+++ b/teleforma/views/crfpa.py
@@ -1188,17 +1188,19 @@ class CRFPAProfileView(ProfileView):
 @method_decorator(login_required)
 def profile_detail(self, request, username, template='teleforma/profile_detail.html'):
 user = User.objects.get(username=username)
- try:
- profile = user.get_profile()
- except:
- profile = None
 student = user.student.all()
 payment = None
- if student and (user.username == request.user.username or request.user.is_superuser):
- student = user.student.get()
- payment = student.payments.order_by('-id').all()
- if payment:
- payment = payment[0]
+ profile = None
+ if student:
+ if user.username == request.user.username or request.user.is_superuser:
+ try:
+ profile = user.get_profile()
+ except:
+ profile = None
+ student = user.student.get()
+ payment = student.payments.order_by('-id').all()
+ if payment:
+ payment = payment[0]
 return render(request, template, {'profile' : profile, 'usr': user, 'payment':payment})
-- 
2.47.3
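Review bot: The ownership test in `profile_detail` only decides whether `profile` and `payment` are filled in; for any other logged-in requester the view still renders the template with `'usr': user`, so whatever the template prints from the `User` object (the template is not visible here) stays readable for arbitrary usernames. If the intent is what the subject line says, deny the request right after the lookup, e.g. `if user.username != request.user.username and not request.user.is_superuser: raise PermissionDenied` (from `django.core.exceptions`, if it is not already imported), instead of rendering a blanked page. The check is also nested under `if student:`, so an owner or superuser viewing an account with no student record now gets `profile = None`, where the old code loaded the profile unconditionally; that is worth confirming as intended. Separately, `User.objects.get(username=username)` raises `DoesNotExist` for unknown names and the bare `except:` around `get_profile()` hides every error, so `get_object_or_404` and a narrower exception would make both paths explicit.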