From 6832dd29f48023e7a89de6b530eeada0be3b9509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89lie=20Bouttier?= Date: Thu, 7 Jul 2016 13:52:25 +0200 Subject: [PATCH] fix messaging permission check --- conversations/urls.py | 4 ++-- conversations/views.py | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/conversations/urls.py b/conversations/urls.py index 5e0cc17..a3d19fc 100644 --- a/conversations/urls.py +++ b/conversations/urls.py @@ -4,9 +4,9 @@ from conversations import emails, views urlpatterns = [ url(r'^recv/$', emails.email_recv), - url(r'^inbox/$', views.conversation, name='inbox'), + url(r'^inbox/$', views.user_conversation, name='inbox'), url(r'^$', views.correspondents, name='correspondents'), - url(r'^with/(?P[\w.@+-]+)/$', views.conversation, name='conversation'), + url(r'^with/(?P[\w.@+-]+)/$', views.user_conversation, name='conversation'), url(r'^about/(?P[\w.@+-]+)/$', views.talk_conversation, name='talk-conversation'), url(r'^subscribe/(?P[\w.@+-]+)/$', views.subscribe, name='subscribe-conversation'), url(r'^unsubscribe/(?P[\w.@+-]+)/$', views.unsubscribe, name='unsubscribe-conversation'), diff --git a/conversations/views.py b/conversations/views.py index 964b2c5..96a73be 100644 --- a/conversations/views.py +++ b/conversations/views.py @@ -13,10 +13,11 @@ from .forms import MessageForm @login_required -def conversation(request, username=None): +def user_conversation(request, username=None): if username: - if not request.user.is_superuser: + p = Participation.objects.get(user=request.user) + if not p.is_staff() and not p.is_orga(): raise PermissionDenied() user = get_object_or_404(User, username=username) template = 'conversations/conversation.html'