Bulk: Fix permission check for changing flags

The flags can be changed also on the read only strings.

Fixes #4399

weblate/trans/bulk.py

@@ -55,35 +55,45 @@ def bulk_perform(
                 translation__component=component
             ).select_for_update()
 
+            can_edit_source = user is None or user.has_perm("source.edit", component)
+
             for unit in component_units:
-                if user is not None and not user.has_perm("unit.edit", unit):
-                    continue
-                updated += 1
+                changed = False
+
                 if (
                     target_state != -1
+                    and (user is None or user.has_perm("unit.edit", unit))
                     and target_state != unit.state
                     and unit.state in EDITABLE_STATES
                 ):
                     # Create change object for edit, update is done outside the looop
                     unit.generate_change(
                         user, user, Change.ACTION_BULK_EDIT, check_new=False
                     )
+                    changed = True
+
+                if can_edit_source:
+                    if add_flags or remove_flags:
+                        flags = Flags(unit.source_info.extra_flags)
+                        flags.merge(add_flags)
+                        flags.remove(remove_flags)
+                        unit.source_info.is_bulk_edit = True
+                        unit.source_info.extra_flags = flags.format()
+                        unit.source_info.save(update_fields=["extra_flags"])
+                        changed = True
+
+                    if add_labels:
+                        unit.source_info.is_bulk_edit = True
+                        unit.source_info.labels.add(*add_labels)
+                        changed = True
+
+                    if remove_labels:
+                        unit.source_info.is_bulk_edit = True
+                        unit.source_info.labels.remove(*remove_labels)
+                        changed = True
 
-                if add_flags or remove_flags:
-                    flags = Flags(unit.source_info.extra_flags)
-                    flags.merge(add_flags)
-                    flags.remove(remove_flags)
-                    unit.source_info.is_bulk_edit = True
-                    unit.source_info.extra_flags = flags.format()
-                    unit.source_info.save(update_fields=["extra_flags"])
-
-                if add_labels:
-                    unit.source_info.is_bulk_edit = True
-                    unit.source_info.labels.add(*add_labels)
-
-                if remove_labels:
-                    unit.source_info.is_bulk_edit = True
-                    unit.source_info.labels.remove(*remove_labels)
+                if changed:
+                    updated += 1
 
             if target_state != -1:
                 component_units.filter(state__in=EDITABLE_STATES).exclude(

weblate/trans/tests/test_search.py

@@ -302,6 +302,24 @@ def test_bulk_flags(self):
         unit = self.get_unit()
         self.assertFalse("python-format" in unit.all_flags)
 
+    def test_bulk_read_only(self):
+        response = self.client.post(
+            reverse("bulk-edit", kwargs=self.kw_project),
+            {"q": "language:en", "state": -1, "add_flags": "read-only"},
+            follow=True,
+        )
+        self.assertContains(response, "Bulk edit completed, 4 strings were updated.")
+        unit = self.get_unit()
+        self.assertTrue("read-only" in unit.all_flags)
+        response = self.client.post(
+            reverse("bulk-edit", kwargs=self.kw_project),
+            {"q": "language:en", "state": -1, "remove_flags": "read-only"},
+            follow=True,
+        )
+        self.assertContains(response, "Bulk edit completed, 4 strings were updated.")
+        unit = self.get_unit()
+        self.assertFalse("read-only" in unit.all_flags)
+
     def test_bulk_labels(self):
         label = self.project.label_set.create(name="Test label", color="black")
         response = self.client.post(