Always provide the list of speakers (closes #3003)

This commit is contained in:
FinnStutzenstein 2017-03-03 10:54:41 +01:00
parent ebf90e4217
commit 9fbbfe0f50
4 changed files with 47 additions and 10 deletions

View File

@ -15,6 +15,7 @@ Agenda:
- Added option to choose whether to show the current list of speakers slide - Added option to choose whether to show the current list of speakers slide
as a slide or an overlay. as a slide or an overlay.
- Manage speakers on the current list of speakers view. - Manage speakers on the current list of speakers view.
- List of speakers for hidden items is always visible.
Core: Core:
- Added support for multiple projectors. - Added support for multiple projectors.

View File

@ -27,17 +27,29 @@ class ItemAccessPermissions(BaseAccessPermissions):
Returns the restricted serialized data for the instance prepared Returns the restricted serialized data for the instance prepared
for the user. for the user.
""" """
if (has_perm(user, 'agenda.can_see') and if has_perm(user, 'agenda.can_see'):
(not full_data['is_hidden'] or if full_data['is_hidden'] and not has_perm(user, 'agenda.can_see_hidden_items'):
has_perm(user, 'agenda.can_see_hidden_items'))): # The data is hidden but the user isn't allowed to see it. Jst pass
if has_perm(user, 'agenda.can_manage'): # the whitelisted keys so the list of speakers is provided regardless.
data = full_data whitelist = (
else: 'id',
# Strip out item comments for unprivileged users. 'title',
'speakers',
'speaker_list_closed',
'content_object',)
data = {} data = {}
for key in full_data.keys(): for key in full_data.keys():
if key != 'comment': if key in whitelist:
data[key] = full_data[key] data[key] = full_data[key]
else:
if has_perm(user, 'agenda.can_manage'):
data = full_data
else:
# Strip out item comments for unprivileged users.
data = {}
for key in full_data.keys():
if key != 'comment':
data[key] = full_data[key]
else: else:
data = None data = None
return data return data

View File

@ -103,7 +103,13 @@ angular.module('OpenSlidesApp.agenda.site', [
$scope.$watch(function () { $scope.$watch(function () {
return Agenda.lastModified(); return Agenda.lastModified();
}, function () { }, function () {
$scope.items = AgendaTree.getFlatTree(Agenda.getAll()); // Filter out items that doesn't have the list_item_title. This happens, if the
// item is a hidden item but provides the list of speakers, but should not be
// visible in the list view.
var allowedItems = _.filter(Agenda.getAll(), function (item) {
return item.list_view_title;
});
$scope.items = AgendaTree.getFlatTree(allowedItems);
var subitems = $filter('filter')($scope.items, {'parent_id': ''}); var subitems = $filter('filter')($scope.items, {'parent_id': ''});
if (subitems.length) { if (subitems.length) {
$scope.agendaHasSubitems = true; $scope.agendaHasSubitems = true;

View File

@ -41,7 +41,25 @@ class RetrieveItem(TestCase):
permission = group.permissions.get(content_type__app_label=app_label, codename=codename) permission = group.permissions.get(content_type__app_label=app_label, codename=codename)
group.permissions.remove(permission) group.permissions.remove(permission)
response = self.client.get(reverse('item-detail', args=[self.item.pk])) response = self.client.get(reverse('item-detail', args=[self.item.pk]))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(sorted(response.data.keys()), sorted((
'id',
'title',
'speakers',
'speaker_list_closed',
'content_object',)))
forbidden_keys = (
'item_number',
'list_view_title',
'comment',
'closed',
'type',
'is_hidden',
'duration',
'weight',
'parent',)
for key in forbidden_keys:
self.assertFalse(key in response.data.keys())
def test_normal_by_anonymous_cant_see_agenda_comments(self): def test_normal_by_anonymous_cant_see_agenda_comments(self):
self.item.type = Item.AGENDA_ITEM self.item.type = Item.AGENDA_ITEM