diff --git a/conversations/urls.py b/conversations/urls.py index 5e0cc17..a3d19fc 100644 --- a/conversations/urls.py +++ b/conversations/urls.py @@ -4,9 +4,9 @@ from conversations import emails, views urlpatterns = [ url(r'^recv/$', emails.email_recv), - url(r'^inbox/$', views.conversation, name='inbox'), + url(r'^inbox/$', views.user_conversation, name='inbox'), url(r'^$', views.correspondents, name='correspondents'), - url(r'^with/(?P[\w.@+-]+)/$', views.conversation, name='conversation'), + url(r'^with/(?P[\w.@+-]+)/$', views.user_conversation, name='conversation'), url(r'^about/(?P[\w.@+-]+)/$', views.talk_conversation, name='talk-conversation'), url(r'^subscribe/(?P[\w.@+-]+)/$', views.subscribe, name='subscribe-conversation'), url(r'^unsubscribe/(?P[\w.@+-]+)/$', views.unsubscribe, name='unsubscribe-conversation'), diff --git a/conversations/views.py b/conversations/views.py index 964b2c5..96a73be 100644 --- a/conversations/views.py +++ b/conversations/views.py @@ -13,10 +13,11 @@ from .forms import MessageForm @login_required -def conversation(request, username=None): +def user_conversation(request, username=None): if username: - if not request.user.is_superuser: + p = Participation.objects.get(user=request.user) + if not p.is_staff() and not p.is_orga(): raise PermissionDenied() user = get_object_or_404(User, username=username) template = 'conversations/conversation.html'