Always provide the list of speakers (closes #3003)

This commit is contained in:
FinnStutzenstein 2017-03-03 10:54:41 +01:00
parent ebf90e4217
commit 9fbbfe0f50
4 changed files with 47 additions and 10 deletions

View File

@ -15,6 +15,7 @@ Agenda:
- Added option to choose whether to show the current list of speakers slide
as a slide or an overlay.
- Manage speakers on the current list of speakers view.
- List of speakers for hidden items is always visible.
Core:
- Added support for multiple projectors.

View File

@ -27,9 +27,21 @@ class ItemAccessPermissions(BaseAccessPermissions):
Returns the restricted serialized data for the instance prepared
for the user.
"""
if (has_perm(user, 'agenda.can_see') and
(not full_data['is_hidden'] or
has_perm(user, 'agenda.can_see_hidden_items'))):
if has_perm(user, 'agenda.can_see'):
if full_data['is_hidden'] and not has_perm(user, 'agenda.can_see_hidden_items'):
# The data is hidden but the user isn't allowed to see it. Jst pass
# the whitelisted keys so the list of speakers is provided regardless.
whitelist = (
'id',
'title',
'speakers',
'speaker_list_closed',
'content_object',)
data = {}
for key in full_data.keys():
if key in whitelist:
data[key] = full_data[key]
else:
if has_perm(user, 'agenda.can_manage'):
data = full_data
else:

View File

@ -103,7 +103,13 @@ angular.module('OpenSlidesApp.agenda.site', [
$scope.$watch(function () {
return Agenda.lastModified();
}, function () {
$scope.items = AgendaTree.getFlatTree(Agenda.getAll());
// Filter out items that doesn't have the list_item_title. This happens, if the
// item is a hidden item but provides the list of speakers, but should not be
// visible in the list view.
var allowedItems = _.filter(Agenda.getAll(), function (item) {
return item.list_view_title;
});
$scope.items = AgendaTree.getFlatTree(allowedItems);
var subitems = $filter('filter')($scope.items, {'parent_id': ''});
if (subitems.length) {
$scope.agendaHasSubitems = true;

View File

@ -41,7 +41,25 @@ class RetrieveItem(TestCase):
permission = group.permissions.get(content_type__app_label=app_label, codename=codename)
group.permissions.remove(permission)
response = self.client.get(reverse('item-detail', args=[self.item.pk]))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(sorted(response.data.keys()), sorted((
'id',
'title',
'speakers',
'speaker_list_closed',
'content_object',)))
forbidden_keys = (
'item_number',
'list_view_title',
'comment',
'closed',
'type',
'is_hidden',
'duration',
'weight',
'parent',)
for key in forbidden_keys:
self.assertFalse(key in response.data.keys())
def test_normal_by_anonymous_cant_see_agenda_comments(self):
self.item.type = Item.AGENDA_ITEM