CenterForOpenScience · adlius · Oct 2, 2025 · Sep 29, 2025
diff --git a/api/preprints/serializers.py b/api/preprints/serializers.py
@@ -53,6 +53,7 @@
 )
 from osf.utils import permissions as osf_permissions
 from osf.utils.workflows import DefaultStates
+from osf.models.contributor import get_user_permission
 
 
 class PrimaryFileRelationshipField(RelationshipField):
@@ -654,6 +655,7 @@ def validate_permission(self, value):
             user  # if user is None then probably we're trying to make bulk update and this validation is not relevant
             and preprint.machine_state == DefaultStates.INITIAL.value
             and preprint.creator_id == user.id
+            and get_user_permission(user, preprint) != value
         ):
             raise ValidationError(
                 'You cannot change your permission setting at this time. '

diff --git a/osf/models/contributor.py b/osf/models/contributor.py
@@ -103,11 +103,15 @@ def get_contributor_permission(contributor, resource):
     """
     Returns a contributor's permissions - perms through contributorship only. No permissions through osf group membership.
     """
+    return get_user_permission(contributor.user, resource)
+
+
+def get_user_permission(user, resource):
     read = resource.format_group(permissions.READ)
     write = resource.format_group(permissions.WRITE)
     admin = resource.format_group(permissions.ADMIN)
     # Checking for django group membership allows you to also get the intended permissions of unregistered contributors
-    user_groups = contributor.user.groups.filter(name__in=[read, write, admin]).values_list('name', flat=True)
+    user_groups = user.groups.filter(name__in=[read, write, admin]).values_list('name', flat=True)
     if admin in user_groups:
         return permissions.ADMIN
     elif write in user_groups: