Commit 0cb5ad77 authored by Patrick's avatar Patrick

Do not let access to 'who is who' or to 'send mail to all members' if the config disallow it

parent 1549fdb0
......@@ -7,7 +7,6 @@ from django.contrib.auth.decorators import login_required
from django.core.mail import EmailMessage
from django.forms import Textarea
from django.http import Http404
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.utils.html import strip_tags
from django.utils.translation import ugettext_lazy as _
......@@ -39,6 +38,9 @@ class MembersContactValidationForm(NgFormValidationMixin, MembersContactForm):
@csrf_protect
@never_cache
def send_mail_to_all_members_view(request):
from repanier.apps import REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if not REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO:
raise Http404
if request.user.is_staff:
raise Http404
is_coordinator = request.user.is_superuser or request.user.is_staff or Staff.objects.filter(
......
......@@ -3,6 +3,7 @@ from __future__ import unicode_literals
from django.contrib.auth.decorators import login_required
from django.db.models import Q
from django.http import Http404
from django.shortcuts import render
from django.utils import translation
from django.views.decorators.cache import never_cache
......@@ -15,6 +16,9 @@ from repanier.models import Customer, Staff
@csrf_protect
@never_cache
def who_is_who_view(request):
from repanier.apps import REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO
if not REPANIER_SETTINGS_DISPLAY_WHO_IS_WHO:
raise Http404
q = request.POST.get('q', None)
customer_list = Customer.objects.filter(may_order=True, represent_this_buyinggroup=False).order_by(
"long_basket_name")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment