diff --git a/CHANGELOG b/CHANGELOG index 064c2d41d..0502c88d5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -15,6 +15,7 @@ Agenda: - Added option to choose whether to show the current list of speakers slide as a slide or an overlay. - Manage speakers on the current list of speakers view. +- List of speakers for hidden items is always visible. Core: - Added support for multiple projectors. diff --git a/openslides/agenda/access_permissions.py b/openslides/agenda/access_permissions.py index 1581d694e..c8de4f6d4 100644 --- a/openslides/agenda/access_permissions.py +++ b/openslides/agenda/access_permissions.py @@ -27,17 +27,29 @@ class ItemAccessPermissions(BaseAccessPermissions): Returns the restricted serialized data for the instance prepared for the user. """ - if (has_perm(user, 'agenda.can_see') and - (not full_data['is_hidden'] or - has_perm(user, 'agenda.can_see_hidden_items'))): - if has_perm(user, 'agenda.can_manage'): - data = full_data - else: - # Strip out item comments for unprivileged users. + if has_perm(user, 'agenda.can_see'): + if full_data['is_hidden'] and not has_perm(user, 'agenda.can_see_hidden_items'): + # The data is hidden but the user isn't allowed to see it. Jst pass + # the whitelisted keys so the list of speakers is provided regardless. + whitelist = ( + 'id', + 'title', + 'speakers', + 'speaker_list_closed', + 'content_object',) data = {} for key in full_data.keys(): - if key != 'comment': + if key in whitelist: data[key] = full_data[key] + else: + if has_perm(user, 'agenda.can_manage'): + data = full_data + else: + # Strip out item comments for unprivileged users. + data = {} + for key in full_data.keys(): + if key != 'comment': + data[key] = full_data[key] else: data = None return data diff --git a/openslides/agenda/static/js/agenda/site.js b/openslides/agenda/static/js/agenda/site.js index f9126ab06..43e4b70fa 100644 --- a/openslides/agenda/static/js/agenda/site.js +++ b/openslides/agenda/static/js/agenda/site.js @@ -103,7 +103,13 @@ angular.module('OpenSlidesApp.agenda.site', [ $scope.$watch(function () { return Agenda.lastModified(); }, function () { - $scope.items = AgendaTree.getFlatTree(Agenda.getAll()); + // Filter out items that doesn't have the list_item_title. This happens, if the + // item is a hidden item but provides the list of speakers, but should not be + // visible in the list view. + var allowedItems = _.filter(Agenda.getAll(), function (item) { + return item.list_view_title; + }); + $scope.items = AgendaTree.getFlatTree(allowedItems); var subitems = $filter('filter')($scope.items, {'parent_id': ''}); if (subitems.length) { $scope.agendaHasSubitems = true; diff --git a/tests/integration/agenda/test_viewset.py b/tests/integration/agenda/test_viewset.py index 1083d7c35..6144b6d22 100644 --- a/tests/integration/agenda/test_viewset.py +++ b/tests/integration/agenda/test_viewset.py @@ -41,7 +41,25 @@ class RetrieveItem(TestCase): permission = group.permissions.get(content_type__app_label=app_label, codename=codename) group.permissions.remove(permission) response = self.client.get(reverse('item-detail', args=[self.item.pk])) - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertEqual(sorted(response.data.keys()), sorted(( + 'id', + 'title', + 'speakers', + 'speaker_list_closed', + 'content_object',))) + forbidden_keys = ( + 'item_number', + 'list_view_title', + 'comment', + 'closed', + 'type', + 'is_hidden', + 'duration', + 'weight', + 'parent',) + for key in forbidden_keys: + self.assertFalse(key in response.data.keys()) def test_normal_by_anonymous_cant_see_agenda_comments(self): self.item.type = Item.AGENDA_ITEM