ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixted permissions for editing an application

Browse Source 
The suppmitter could edit an application after it was finished by
manipulating the url
This commit is contained in:
Oskar Hahn 2012-09-13 12:09:17 +02:00
parent b15d70d13d
commit 48a992119a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openslides/application/views.py
View File

@ -182,8 +182,8 @@ def edit(request, application_id=None):
return redirect(reverse('application_overview')) return redirect(reverse('application_overview'))
if application_id is not None: if application_id is not None:
application = Application.objects.get(id=application_id) application = Application.objects.get(id=application_id)
if not request.user == application.submitter and not is_manager: if not 'edit' in application.get_allowed_actions(request.user):
messages.error(request, _("You can not edit this motion. You are not the submitter.")) messages.error(request, _("You can not edit this motion."))
return redirect(reverse('application_view', args=[application.id])) return redirect(reverse('application_view', args=[application.id]))
actions = application.get_allowed_actions(user=request.user) actions = application.get_allowed_actions(user=request.user)
else: else: