Commit 0cb5ad77 authored by Patrick's avatar Patrick
Browse files

Do not let access to 'who is who' or to 'send mail to all members' if the config disallow it

parent 1549fdb0
......@@ -7,7 +7,6 @@ from django.contrib.auth.decorators import login_required
from django.core.mail import EmailMessage
from django.forms import Textarea
from django.http import Http404
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.utils.html import strip_tags
from django.utils.translation import ugettext_lazy as _
......@@ -39,6 +38,9 @@ class MembersContactValidationForm(NgFormValidationMixin, MembersContactForm):
@csrf_protect
@never_cache
def send_mail_to_all_members_view(request):
from repanier.apps import REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if not REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO:
raise Http404
if request.user.is_staff:
raise Http404
is_coordinator = request.user.is_superuser or request.user.is_staff or Staff.objects.filter(
......
......@@ -3,6 +3,7 @@ from __future__ import unicode_literals
from django.contrib.auth.decorators import login_required
from django.db.models import Q
from django.http import Http404
from django.shortcuts import render
from django.utils import translation
from django.views.decorators.cache import never_cache
......@@ -15,6 +16,9 @@ from repanier.models import Customer, Staff
@csrf_protect
@never_cache
def who_is_who_view(request):
from repanier.apps import REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if not REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO:
raise Http404
q = request.POST.get('q', None)
customer_list = Customer.objects.filter(may_order=True, represent_this_buyinggroup=False).order_by(
"long_basket_name")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment