From 1cb22cea953de84dcf38b8458161f37a58a751a1 2012-08-25 23:52:07
From: Luke Hatcher <lukeman@gmail.com>
Date: 2012-08-25 23:52:07
Subject: [PATCH] restrict status view to reviewers
---

diff --git a/symposion/reviews/views.py b/symposion/reviews/views.py
index 683b6a1a612aaf8a18dca13975d26ad76dec1d09..7da34e4b93956be18d5bac6a78b2372db8760f10 100644
--- a/symposion/reviews/views.py
+++ b/symposion/reviews/views.py
@@ -275,6 +275,9 @@ def review_delete(request, pk):
 @login_required
 def review_status(request, section_slug=None, key=None):
     
+    if not request.user.has_perm("reviews.can_review_%s" % section_slug):
+        return access_not_permitted(request)
+    
     VOTE_THRESHOLD = settings.SYMPOSION_VOTE_THRESHOLD
     
     ctx = {