Conservancy/symposion_app
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #7 from faulteh/lca2017

Browse source 
Only allow managers of the review sections to email the speaker
This commit is contained in:
Scott Bragg 2016-06-14 09:39:44 +10:00 committed by GitHub
commit 85d4272080
2 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
symposion/reviews/views.py
View file

@ -185,7 +185,7 @@ def review_detail(request, pk):
if not request.user.is_superuser and request.user in speakers: if not request.user.is_superuser and request.user in speakers:
return access_not_permitted(request) return access_not_permitted(request)
admin = request.user.is_staff admin = request.user.has_perm("reviews.can_manage_%s" % proposal.kind.section.slug)
try: try:
latest_vote = LatestVote.objects.get(proposal=proposal, user=request.user) latest_vote = LatestVote.objects.get(proposal=proposal, user=request.user)
@ -208,7 +208,7 @@ def review_detail(request, pk):
return redirect(request.path) return redirect(request.path)
else: else:
message_form = SpeakerCommentForm() message_form = SpeakerCommentForm()
elif "message_submit" in request.POST: elif "message_submit" in request.POST and admin:
message_form = SpeakerCommentForm(request.POST) message_form = SpeakerCommentForm(request.POST)
if message_form.is_valid(): if message_form.is_valid():
@ -282,7 +282,8 @@ def review_detail(request, pk):
"reviews": reviews, "reviews": reviews,
"review_messages": messages, "review_messages": messages,
"review_form": review_form, "review_form": review_form,
"message_form": message_form "message_form": message_form,
"is_manager": admin
}) })

16
symposion/teams/backends.py
View file

@ -16,15 +16,27 @@ class TeamPermissionsBackend(object):
if user_obj.is_anonymous() or obj is not None: if user_obj.is_anonymous() or obj is not None:
return set() return set()
if not hasattr(user_obj, "_team_perm_cache"): if not hasattr(user_obj, "_team_perm_cache"):
# Member permissions
memberships = Team.objects.filter( memberships = Team.objects.filter(
Q(memberships__user=user_obj), Q(memberships__user=user_obj),
Q(memberships__state="manager") | Q(memberships__state="member"), Q(memberships__state="member"),
) )
perms = memberships.values_list( perms = memberships.values_list(
"permissions__content_type__app_label", "permissions__content_type__app_label",
"permissions__codename" "permissions__codename"
).order_by() ).order_by()
user_obj._team_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms]) permissions = ["%s.%s" % (ct, name) for ct, name in perms]
# Manager permissions
memberships = Team.objects.filter(
Q(memberships__user=user_obj),
Q(memberships__state="manager"),
)
perms = memberships.values_list(
"manager_permissions__content_type__app_label",
"manager_permissions__codename"
).order_by()
permissions += ["%s.%s" % (ct, name) for ct, name in perms]
user_obj._team_perm_cache = set(permissions)
return user_obj._team_perm_cache return user_obj._team_perm_cache
def has_perm(self, user_obj, perm, obj=None): def has_perm(self, user_obj, perm, obj=None):