From 7de1763de0d05a6f75a78b8046c0cc9a03d67a76 2012-08-02 14:27:34
From: James Tauber <jtauber@jtauber.com>
Date: 2012-08-02 14:27:34
Subject: [PATCH] team permission checks now let staff in

---

diff --git a/symposion/teams/views.py b/symposion/teams/views.py
index 0227d8d5da7eedfb46538b6d9a243e84bad4509d..5561fa41233e2b15c06aa4b3f3bb47301feecb7f 100644
--- a/symposion/teams/views.py
+++ b/symposion/teams/views.py
@@ -17,6 +17,8 @@ def can_join(team, user):
         return True
     elif team.access == "invitation" and state is "invited":
         return True
+    elif user.is_staff and state is None:
+        return True
     else:
         return False
 
@@ -33,6 +35,8 @@ def can_apply(team, user):
     state = team.get_state_for_user(user)
     if team.access == "application" and state is None:
         return True
+    elif user.is_staff and state is None:
+        return True
     else:
         return False
 
@@ -44,7 +48,7 @@ def can_apply(team, user):
 def team_detail(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
-    if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     
     return render(request, "teams/team_detail.html", {
@@ -60,7 +64,7 @@ def team_detail(request, slug):
 def team_join(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
-    if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     
     if can_join(team, request.user) and request.method == "POST":
@@ -77,7 +81,7 @@ def team_join(request, slug):
 def team_leave(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
-    if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     
     if can_leave(team, request.user) and request.method == "POST":
@@ -93,7 +97,7 @@ def team_leave(request, slug):
 def team_apply(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
-    if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     
     if can_apply(team, request.user) and request.method == "POST":