From ebce671202589c7362a99424c96fb8a9dad5cd3a Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Fri, 5 Dec 2025 13:51:56 -0700
Subject: [PATCH] fix: Add null check for engagement in permission validation
 for Risk Acceptance

---
 dojo/authorization/authorization.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dojo/authorization/authorization.py b/dojo/authorization/authorization.py
index 3e166013576..4110b965db1 100644
--- a/dojo/authorization/authorization.py
+++ b/dojo/authorization/authorization.py
@@ -100,7 +100,9 @@ def user_has_permission(user, obj, permission):
         isinstance(obj, Risk_Acceptance)
         and permission == Permissions.Risk_Acceptance
     ):
-        return user_has_permission(user, obj.engagement.product, permission)
+        if obj.engagement is not None:
+            return user_has_permission(user, obj.engagement.product, permission)
+        return user_has_global_permission(user, permission)
     if ((
         isinstance(obj, Finding | Stub_Finding)
     ) and permission in Permissions.get_finding_permissions()) or (