slight refactor; escape html strings before checking

Author: devo-wm

permafrost/permissions.py

@@ -74,9 +74,10 @@ def has_all_permissions(request, check_list=[]):
         qry['content_type__app_label'] =  app_label
         if codename:
             qry['codename'] = codename
-        perms = user_permissions.filter(**qry)
-        has_permission = True
-        if not perms:
+        
+        if user_permissions.filter(**qry):
+            has_permission = True
+        else:
             return False
 
     return has_permission

permafrost/tests.py

@@ -328,13 +328,14 @@ def test_manage_permafrost_roles_returns_correct_template(self):
 
     def test_permafrostrole_manage_template_displays_list_of_roles_on_site(self):
         uri = reverse('permafrost:roles-manage')
+        import html
         response = self.client.get(uri)
         objects = PermafrostRole.on_site.all()
 
         self.assertTrue(len(objects))
 
         for object in objects:
-            self.assertContains(response, f'{object}')
+            self.assertContains(response, html.escape(f'{object}'))
 
     def test_permafrostrole_manage_template_displays_selected_role_details(self):
         uri = reverse('permafrost:roles-manage')