Always provide the list of speakers (closes #3003)

CHANGELOG

@@ -15,6 +15,7 @@ Agenda:
 - Added option to choose whether to show the current list of speakers slide
   as a slide or an overlay.
 - Manage speakers on the current list of speakers view.
+- List of speakers for hidden items is always visible.
 
 Core:
 - Added support for multiple projectors.

openslides/agenda/access_permissions.py

@@ -27,17 +27,29 @@ class ItemAccessPermissions(BaseAccessPermissions):
         Returns the restricted serialized data for the instance prepared
         for the user.
         """
-        if (has_perm(user, 'agenda.can_see') and
+        if has_perm(user, 'agenda.can_see'):
-            (not full_data['is_hidden'] or
+            if full_data['is_hidden'] and not has_perm(user, 'agenda.can_see_hidden_items'):
-             has_perm(user, 'agenda.can_see_hidden_items'))):
+                # The data is hidden but the user isn't allowed to see it. Jst pass
-            if has_perm(user, 'agenda.can_manage'):
+                # the whitelisted keys so the list of speakers is provided regardless.
-                data = full_data
+                whitelist = (
-            else:
+                    'id',
-                # Strip out item comments for unprivileged users.
+                    'title',
+                    'speakers',
+                    'speaker_list_closed',
+                    'content_object',)
                 data = {}
                 for key in full_data.keys():
-                    if key != 'comment':
+                    if key in whitelist:
                         data[key] = full_data[key]
+            else:
+                if has_perm(user, 'agenda.can_manage'):
+                    data = full_data
+                else:
+                    # Strip out item comments for unprivileged users.
+                    data = {}
+                    for key in full_data.keys():
+                        if key != 'comment':
+                            data[key] = full_data[key]
         else:
             data = None
         return data

openslides/agenda/static/js/agenda/site.js

@@ -103,7 +103,13 @@ angular.module('OpenSlidesApp.agenda.site', [
         $scope.$watch(function () {
             return Agenda.lastModified();
         }, function () {
-            $scope.items = AgendaTree.getFlatTree(Agenda.getAll());
+            // Filter out items that doesn't have the list_item_title. This happens, if the
+            // item is a hidden item but provides the list of speakers, but should not be
+            // visible in the list view.
+            var allowedItems = _.filter(Agenda.getAll(), function (item) {
+                return item.list_view_title;
+            });
+            $scope.items = AgendaTree.getFlatTree(allowedItems);
             var subitems = $filter('filter')($scope.items, {'parent_id': ''});
             if (subitems.length) {
                 $scope.agendaHasSubitems = true;

tests/integration/agenda/test_viewset.py

@@ -41,7 +41,25 @@ class RetrieveItem(TestCase):
         permission = group.permissions.get(content_type__app_label=app_label, codename=codename)
         group.permissions.remove(permission)
         response = self.client.get(reverse('item-detail', args=[self.item.pk]))
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(sorted(response.data.keys()), sorted((
+            'id',
+            'title',
+            'speakers',
+            'speaker_list_closed',
+            'content_object',)))
+        forbidden_keys = (
+            'item_number',
+            'list_view_title',
+            'comment',
+            'closed',
+            'type',
+            'is_hidden',
+            'duration',
+            'weight',
+            'parent',)
+        for key in forbidden_keys:
+            self.assertFalse(key in response.data.keys())
 
     def test_normal_by_anonymous_cant_see_agenda_comments(self):
         self.item.type = Item.AGENDA_ITEM