From 25134e3a9521f1f4ebd07e3d5e797da6541cac2f Mon Sep 17 00:00:00 2001
From: Graeme Watt <Graeme.Watt@durham.ac.uk>
Date: Wed, 29 Nov 2023 17:23:44 +0000
Subject: [PATCH] records: don't check permissions if recid=None

* Upload permissions not relevant if creating a new Sandbox record.
* Fixes #735.
---
 hepdata/modules/records/views.py | 2 +-
 hepdata/version.py               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hepdata/modules/records/views.py b/hepdata/modules/records/views.py
index e26ba3aa..b13da287 100644
--- a/hepdata/modules/records/views.py
+++ b/hepdata/modules/records/views.py
@@ -804,7 +804,7 @@ def cli_upload():
     invitation_cookie = request.form['invitation_cookie'] if 'invitation_cookie' in request.form.keys() else None
 
     # Check the user has upload permissions for this record
-    if not has_upload_permissions(recid, user, is_sandbox):
+    if recid and not has_upload_permissions(recid, user, is_sandbox):
         return jsonify({
             "message": "Email {} does not correspond to a confirmed uploader for this record.".format(str(user_email))
         }), 403
diff --git a/hepdata/version.py b/hepdata/version.py
index 68cb6a91..fd3b7dab 100644
--- a/hepdata/version.py
+++ b/hepdata/version.py
@@ -28,4 +28,4 @@
 and parsed by ``setup.py``.
 """
 
-__version__ = "0.9.4dev20231115"
+__version__ = "0.9.4dev20231129"