Fix schedule creation permissions

author Magnus Hagander <magnus@hagander.net>

Mon, 2 Apr 2018 10:54:09 +0000 (12:54 +0200)

committer Magnus Hagander <magnus@hagander.net>

Mon, 2 Apr 2018 10:57:29 +0000 (12:57 +0200)
author Magnus Hagander <magnus@hagander.net>
Mon, 2 Apr 2018 10:54:09 +0000 (12:54 +0200)
committer Magnus Hagander <magnus@hagander.net>
Mon, 2 Apr 2018 10:57:29 +0000 (12:57 +0200)
diff --git a/postgresqleu/confreg/views.py b/postgresqleu/confreg/views.py

index de5af6c315f8a95ecc44dad1c7e404246fe8c52f..32be0813c43a4916ea8332266c48462cfa518604 100644 (file)
--- a/postgresqleu/confreg/views.py
+++ b/postgresqleu/confreg/views.py
@@ -2162,9 +2162,11 @@ def talkvote_status(request, confname):
  @transaction.atomic
  def createschedule(request, confname):
         conference = get_object_or_404(Conference, urlname=confname)
-       if not conference.talkvoters.filter(pk=request.user.id):
-               if not request.user.is_superuser:
-                       return Http404('You are not a talk voter for this conference!')
+       if not (request.user.is_superuser or
+                       conference.administrators.filter(pk=request.user.id).exists() or
+                       conference.talkvoters.filter(pk=request.user.id).exists()
+                       ):
+               raise Http404('You are not an administrator or talk voter for this conference!')
  
  
         if request.method=="POST":
@@ -2250,9 +2252,8 @@ def createschedule(request, confname):
                         })
  
  @login_required
-@user_passes_test_or_error(lambda u: u.is_superuser)
  def publishschedule(request, confname):
-       conference = get_object_or_404(Conference, urlname=confname)
+       conference = get_authenticated_conference(request, confname)
  
         transaction.set_autocommit(False)
author	Magnus Hagander <magnus@hagander.net>
	Mon, 2 Apr 2018 10:54:09 +0000 (12:54 +0200)
committer	Magnus Hagander <magnus@hagander.net>
	Mon, 2 Apr 2018 10:57:29 +0000 (12:57 +0200)