From 0746215c5e552cf7d5c0867178acaf994e3a0437 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Wed, 17 Jul 2024 08:58:49 +0200
Subject: [PATCH] fix(permissions): do not deny editing approved strings
 without reviews

This might happen after disabling reviews and having approved strings.
On the other side we don't want to wipe out approved states immediatelly
in case user is doing some more changes (for example changing
per-language workflows).

Fixes #12075
---
 weblate/auth/permissions.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/weblate/auth/permissions.py b/weblate/auth/permissions.py
index 9b238fc6ac19..c790ca9ab1ba 100644
--- a/weblate/auth/permissions.py
+++ b/weblate/auth/permissions.py
@@ -252,8 +252,12 @@ def check_edit_approved(user: User, permission: str, obj: Model):
             if not unit.source_unit.translated:
                 return Denied(gettext("The source string needs review."))
             return Denied(gettext("The string is read only."))
-        if unit.approved and not check_unit_review(
-            user, "unit.review", obj, skip_enabled=True
+        # Ignore approved state if review is not disabled. This might
+        # happen after disabling them.
+        if (
+            unit.approved
+            and obj.enable_review
+            and not check_unit_review(user, "unit.review", obj, skip_enabled=True)
         ):
             return Denied(
                 gettext(