Changed mediafile protection logic (closes #3707)

This commit is contained in:
FinnStutzenstein 2018-04-24 10:33:50 +02:00 committed by Emanuel Schütze
parent 198e19d3d1
commit 2220856e5d

View File

@ -81,7 +81,7 @@ def protected_serve(request, path, document_root=None, show_indexes=False):
is_special_file = mediafile.is_logo() or mediafile.is_font() is_special_file = mediafile.is_logo() or mediafile.is_font()
is_hidden_but_no_perms = mediafile.hidden and not has_perm(request.user, 'mediafiles.can_see_hidden') is_hidden_but_no_perms = mediafile.hidden and not has_perm(request.user, 'mediafiles.can_see_hidden')
if not can_see or (is_hidden_but_no_perms and not is_special_file): if not is_special_file and (not can_see or is_hidden_but_no_perms):
return HttpResponseForbidden(content="Forbidden.") return HttpResponseForbidden(content="Forbidden.")
else: else:
return serve(request, path, document_root, show_indexes) return serve(request, path, document_root, show_indexes)