Merge pull request #3035 from FinnStutzenstein/Issue3003
Always provide the list of speakers (closes #3003)
This commit is contained in:
commit
cc6d2a6ca9
@ -15,6 +15,7 @@ Agenda:
|
||||
- Added option to choose whether to show the current list of speakers slide
|
||||
as a slide or an overlay.
|
||||
- Manage speakers on the current list of speakers view.
|
||||
- List of speakers for hidden items is always visible.
|
||||
|
||||
Core:
|
||||
- Added support for multiple projectors.
|
||||
|
@ -27,17 +27,29 @@ class ItemAccessPermissions(BaseAccessPermissions):
|
||||
Returns the restricted serialized data for the instance prepared
|
||||
for the user.
|
||||
"""
|
||||
if (has_perm(user, 'agenda.can_see') and
|
||||
(not full_data['is_hidden'] or
|
||||
has_perm(user, 'agenda.can_see_hidden_items'))):
|
||||
if has_perm(user, 'agenda.can_manage'):
|
||||
data = full_data
|
||||
else:
|
||||
# Strip out item comments for unprivileged users.
|
||||
if has_perm(user, 'agenda.can_see'):
|
||||
if full_data['is_hidden'] and not has_perm(user, 'agenda.can_see_hidden_items'):
|
||||
# The data is hidden but the user isn't allowed to see it. Jst pass
|
||||
# the whitelisted keys so the list of speakers is provided regardless.
|
||||
whitelist = (
|
||||
'id',
|
||||
'title',
|
||||
'speakers',
|
||||
'speaker_list_closed',
|
||||
'content_object',)
|
||||
data = {}
|
||||
for key in full_data.keys():
|
||||
if key != 'comment':
|
||||
if key in whitelist:
|
||||
data[key] = full_data[key]
|
||||
else:
|
||||
if has_perm(user, 'agenda.can_manage'):
|
||||
data = full_data
|
||||
else:
|
||||
# Strip out item comments for unprivileged users.
|
||||
data = {}
|
||||
for key in full_data.keys():
|
||||
if key != 'comment':
|
||||
data[key] = full_data[key]
|
||||
else:
|
||||
data = None
|
||||
return data
|
||||
|
@ -104,7 +104,13 @@ angular.module('OpenSlidesApp.agenda.site', [
|
||||
$scope.$watch(function () {
|
||||
return Agenda.lastModified();
|
||||
}, function () {
|
||||
$scope.items = AgendaTree.getFlatTree(Agenda.getAll());
|
||||
// Filter out items that doesn't have the list_item_title. This happens, if the
|
||||
// item is a hidden item but provides the list of speakers, but should not be
|
||||
// visible in the list view.
|
||||
var allowedItems = _.filter(Agenda.getAll(), function (item) {
|
||||
return item.list_view_title;
|
||||
});
|
||||
$scope.items = AgendaTree.getFlatTree(allowedItems);
|
||||
var subitems = $filter('filter')($scope.items, {'parent_id': ''});
|
||||
if (subitems.length) {
|
||||
$scope.agendaHasSubitems = true;
|
||||
|
@ -41,7 +41,25 @@ class RetrieveItem(TestCase):
|
||||
permission = group.permissions.get(content_type__app_label=app_label, codename=codename)
|
||||
group.permissions.remove(permission)
|
||||
response = self.client.get(reverse('item-detail', args=[self.item.pk]))
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(sorted(response.data.keys()), sorted((
|
||||
'id',
|
||||
'title',
|
||||
'speakers',
|
||||
'speaker_list_closed',
|
||||
'content_object',)))
|
||||
forbidden_keys = (
|
||||
'item_number',
|
||||
'list_view_title',
|
||||
'comment',
|
||||
'closed',
|
||||
'type',
|
||||
'is_hidden',
|
||||
'duration',
|
||||
'weight',
|
||||
'parent',)
|
||||
for key in forbidden_keys:
|
||||
self.assertFalse(key in response.data.keys())
|
||||
|
||||
def test_normal_by_anonymous_cant_see_agenda_comments(self):
|
||||
self.item.type = Item.AGENDA_ITEM
|
||||
|
Loading…
Reference in New Issue
Block a user