symposion_app Changeset - 6b41b5c4773c

Changeset - 6b41b5c4773c

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Martey Dodoo - 8 years ago 2016-02-20 13:39:12
martey@mobolic.com

Don't show unpublished schedule info to non-staff.

Add checks to schedule_list, schedule_list_csv, and
schedule_presentation_detail views to verify that either schedule is
published or that current user is staff before displaying information.

See c7592bc33e2626d84ec46fe1e7ba8e05c73ef74c.

1 file changed with 6 insertions and 0 deletions:

symposion/schedule/views.py

0 comments (0 inline, 0 general)

symposion/schedule/views.py

➞

Show inline comments

@@ ... / @@ -69,6 +69,8 @@ def schedule_detail(request, slug=None): @@
 def schedule_list(request, slug=None):
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
     presentations = Presentation.objects.filter(section=schedule.section)
     presentations = presentations.exclude(cancelled=True)
@@ ... / @@ -82,6 +84,8 @@ def schedule_list(request, slug=None): @@
 def schedule_list_csv(request, slug=None):
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
     presentations = Presentation.objects.filter(section=schedule.section)
     presentations = presentations.exclude(cancelled=True).order_by("id")
@@ ... / @@ -169,6 +173,8 @@ def schedule_presentation_detail(request, pk): @@
     presentation = get_object_or_404(Presentation, pk=pk)
     if presentation.slot:
         schedule = presentation.slot.day.schedule
         if not schedule.published and not request.user.is_staff:
             raise Http404()
     else:
         schedule = None

0 comments (0 inline, 0 general)