Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
chris
repanier
Commits
0cb5ad77
Commit
0cb5ad77
authored
Mar 14, 2017
by
Patrick
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Do not let access to 'who is who' or to 'send mail to all members' if the config disallow it
parent
1549fdb0
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
7 additions
and
1 deletion
+7
-1
repanier/views/send_mail_to_all_members_view.py
repanier/views/send_mail_to_all_members_view.py
+3
-1
repanier/views/who_is_who_view.py
repanier/views/who_is_who_view.py
+4
-0
No files found.
repanier/views/send_mail_to_all_members_view.py
View file @
0cb5ad77
...
...
@@ -7,7 +7,6 @@ from django.contrib.auth.decorators import login_required
from
django.core.mail
import
EmailMessage
from
django.forms
import
Textarea
from
django.http
import
Http404
from
django.http
import
HttpResponseRedirect
from
django.shortcuts
import
render
from
django.utils.html
import
strip_tags
from
django.utils.translation
import
ugettext_lazy
as
_
...
...
@@ -39,6 +38,9 @@ class MembersContactValidationForm(NgFormValidationMixin, MembersContactForm):
@
csrf_protect
@
never_cache
def
send_mail_to_all_members_view
(
request
):
from
repanier.apps
import
REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if
not
REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
:
raise
Http404
if
request
.
user
.
is_staff
:
raise
Http404
is_coordinator
=
request
.
user
.
is_superuser
or
request
.
user
.
is_staff
or
Staff
.
objects
.
filter
(
...
...
repanier/views/who_is_who_view.py
View file @
0cb5ad77
...
...
@@ -3,6 +3,7 @@ from __future__ import unicode_literals
from
django.contrib.auth.decorators
import
login_required
from
django.db.models
import
Q
from
django.http
import
Http404
from
django.shortcuts
import
render
from
django.utils
import
translation
from
django.views.decorators.cache
import
never_cache
...
...
@@ -15,6 +16,9 @@ from repanier.models import Customer, Staff
@
csrf_protect
@
never_cache
def
who_is_who_view
(
request
):
from
repanier.apps
import
REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if
not
REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
:
raise
Http404
q
=
request
.
POST
.
get
(
'q'
,
None
)
customer_list
=
Customer
.
objects
.
filter
(
may_order
=
True
,
represent_this_buyinggroup
=
False
).
order_by
(
"long_basket_name"
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment