symposion_app Changeset - 6b41b5c4773c

Changeset - 6b41b5c4773c

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Martey Dodoo - 8 years ago 2016-02-20 13:39:12
martey@mobolic.com

Don't show unpublished schedule info to non-staff.

Add checks to schedule_list, schedule_list_csv, and
schedule_presentation_detail views to verify that either schedule is
published or that current user is staff before displaying information.

See c7592bc33e2626d84ec46fe1e7ba8e05c73ef74c.

1 file changed with 6 insertions and 0 deletions:

symposion/schedule/views.py

0 comments (0 inline, 0 general)

symposion/schedule/views.py

➞

Show inline comments

@@ ... / @@ -71,2 +71,4 @@ def schedule_list(request, slug=None): @@
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
@@ ... / @@ -84,2 +86,4 @@ def schedule_list_csv(request, slug=None): @@
     schedule = fetch_schedule(slug)
     if not schedule.published and not request.user.is_staff:
         raise Http404()
@@ ... / @@ -171,2 +175,4 @@ def schedule_presentation_detail(request, pk): @@
         schedule = presentation.slot.day.schedule
         if not schedule.published and not request.user.is_staff:
             raise Http404()
     else:

0 comments (0 inline, 0 general)