From 1cb22cea953de84dcf38b8458161f37a58a751a1 Mon Sep 17 00:00:00 2001
From: Luke Hatcher <lukeman@gmail.com>
Date: Sat, 25 Aug 2012 19:52:07 -0400
Subject: [PATCH] restrict status view to reviewers

---
 symposion/reviews/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/symposion/reviews/views.py b/symposion/reviews/views.py
index 683b6a1a..7da34e4b 100644
--- a/symposion/reviews/views.py
+++ b/symposion/reviews/views.py
@@ -275,6 +275,9 @@ def review_delete(request, pk):
 @login_required
 def review_status(request, section_slug=None, key=None):
     
+    if not request.user.has_perm("reviews.can_review_%s" % section_slug):
+        return access_not_permitted(request)
+    
     VOTE_THRESHOLD = settings.SYMPOSION_VOTE_THRESHOLD
     
     ctx = {