symposion_app Changeset - 6b41b5c4773c

Changeset - 6b41b5c4773c

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Martey Dodoo - 8 years ago 2016-02-20 13:39:12
martey@mobolic.com

Don't show unpublished schedule info to non-staff.

Add checks to schedule_list, schedule_list_csv, and
schedule_presentation_detail views to verify that either schedule is
published or that current user is staff before displaying information.

See c7592bc33e2626d84ec46fe1e7ba8e05c73ef74c.

1 file changed with 6 insertions and 0 deletions:

symposion/schedule/views.py

0 comments (0 inline, 0 general)

symposion/schedule/views.py

➞

Show inline comments

@@ ... / @@ -60,37 +60,41 @@ def schedule_detail(request, slug=None): @@
     days_qs = Day.objects.filter(schedule=schedule)
     days = [TimeTable(day) for day in days_qs]
     ctx = {
         "schedule": schedule,
         "days": days,
+    }
     return render(request, "symposion/schedule/schedule_detail.html", ctx)
 def schedule_list(request, slug=None):
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
     presentations = Presentation.objects.filter(section=schedule.section)
     presentations = presentations.exclude(cancelled=True)
     ctx = {
         "schedule": schedule,
         "presentations": presentations,
+    }
     return render(request, "symposion/schedule/schedule_list.html", ctx)
 def schedule_list_csv(request, slug=None):
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
     presentations = Presentation.objects.filter(section=schedule.section)
     presentations = presentations.exclude(cancelled=True).order_by("id")
     response = HttpResponse(content_type="text/csv")
     if slug:
         file_slug = slug
     else:
         file_slug = "presentations"
     response["Content-Disposition"] = 'attachment; filename="%s.csv"' % file_slug
     response.write(loader.get_template("symposion/schedule/schedule_list.csv").render(Context({
@@ ... / @@ -160,24 +164,26 @@ def schedule_slot_edit(request, slug, slot_pk): @@
             "slug": slug,
             "form": form,
             "slot": slot,
+        }
         return render(request, "symposion/schedule/_slot_edit.html", ctx)
 def schedule_presentation_detail(request, pk):
     presentation = get_object_or_404(Presentation, pk=pk)
     if presentation.slot:
         schedule = presentation.slot.day.schedule
         if not schedule.published and not request.user.is_staff:
             raise Http404()
     else:
         schedule = None
     ctx = {
         "presentation": presentation,
         "schedule": schedule,
+    }
     return render(request, "symposion/schedule/presentation_detail.html", ctx)
 def schedule_json(request):
     slots = Slot.objects.filter(

0 comments (0 inline, 0 general)