Changed mediafile protection logic (closes #3707)
This commit is contained in:
parent
198e19d3d1
commit
2220856e5d
@ -81,7 +81,7 @@ def protected_serve(request, path, document_root=None, show_indexes=False):
|
||||
is_special_file = mediafile.is_logo() or mediafile.is_font()
|
||||
is_hidden_but_no_perms = mediafile.hidden and not has_perm(request.user, 'mediafiles.can_see_hidden')
|
||||
|
||||
if not can_see or (is_hidden_but_no_perms and not is_special_file):
|
||||
if not is_special_file and (not can_see or is_hidden_but_no_perms):
|
||||
return HttpResponseForbidden(content="Forbidden.")
|
||||
else:
|
||||
return serve(request, path, document_root, show_indexes)
|
||||
|
Loading…
Reference in New Issue
Block a user