symposion_app Changeset - 7de1763de0d0

Changeset - 7de1763de0d0

Parent rev.

Child rev.

[Not reviewed]

0 1 0

James Tauber - 12 years ago 2012-08-02 14:27:34
jtauber@jtauber.com

team permission checks now let staff in

1 file changed with 8 insertions and 4 deletions:

symposion/teams/views.py

0 comments (0 inline, 0 general)

symposion/teams/views.py

➞

Show inline comments

@@ ... / @@ -14,12 +14,14 @@ def can_join(team, user): @@
     state = team.get_state_for_user(user)
     if team.access == "open" and state is None:
         return True
     elif team.access == "invitation" and state is "invited":
         return True
     elif user.is_staff and state is None:
         return True
     else:
         return False
 def can_leave(team, user):
     state = team.get_state_for_user(user)
@@ ... / @@ -30,24 +32,26 @@ def can_leave(team, user): @@
 def can_apply(team, user):
     state = team.get_state_for_user(user)
     if team.access == "application" and state is None:
         return True
     elif user.is_staff and state is None:
         return True
     else:
         return False
 ## views
 @login_required
 def team_detail(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
     if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     return render(request, "teams/team_detail.html", {
         "team": team,
         "state": state,
         "can_join": can_join(team, request.user),
@@ ... / @@ -57,13 +61,13 @@ def team_detail(request, slug): @@
 @login_required
 def team_join(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
     if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     if can_join(team, request.user) and request.method == "POST":
         membership, created = Membership.objects.get_or_create(team=team, user=request.user)
         membership.state = "member"
         membership.save()
@@ ... / @@ -74,13 +78,13 @@ def team_join(request, slug): @@
 @login_required
 def team_leave(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
     if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     if can_leave(team, request.user) and request.method == "POST":
         membership = Membership.objects.get(team=team, user=request.user)
         membership.delete()
         # contrib.message
@@ ... / @@ -90,13 +94,13 @@ def team_leave(request, slug): @@
 @login_required
 def team_apply(request, slug):
     team = get_object_or_404(Team, slug=slug)
     state = team.get_state_for_user(request.user)
     if team.access == "invitation" and state is None:
+    if team.access == "invitation" and state is None and request.user.is_staff:
         raise Http404()
     if can_apply(team, request.user) and request.method == "POST":
         membership, created = Membership.objects.get_or_create(team=team, user=request.user)
         membership.state = "applied"
         membership.save()

0 comments (0 inline, 0 general)