Restrict access to sheperd document list. See #564

- Legacy-Id: 2710
2010-12-09 14:37:44 +00:00 · 2010-12-09 14:37:44 +00:00 · 1e5f2df379
parent a0b7992169
commit 1e5f2df379
3 changed files with 17 additions and 6 deletions
--- a/ietf/templates/wgchairs/wg_shepherd_documents.html
+++ b/ietf/templates/wgchairs/wg_shepherd_documents.html
@ -53,7 +53,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
      {% for doc in documents %}
        <tr class="{% cycle oddrow,evenrow %}">
          <td class="title">
-            <a href="{% url doc_managing_shepherd doc %}">{{ doc.title }}</a>
+            <a href="{% url doc_managing_shepherd wg.group_acronym.acronym doc %}">{{ doc.title }}</a>
          </td>
          <td class="date">
             {{ doc.status.start_date|date:"Y-m" }}
--- a/ietf/wgchairs/accounts.py
+++ b/ietf/wgchairs/accounts.py
@ -37,3 +37,10 @@ def can_manage_delegates_in_group(user, group):
    if not person:
        return False
    return is_group_chair(person, group)
+
+
+def can_manage_shepherds_in_group(user, group):
+    person = get_person_for_user(user)
+    if not person:
+        return False
+    return is_group_chair(person, group)
--- a/ietf/wgchairs/views.py
+++ b/ietf/wgchairs/views.py
@ -5,9 +5,9 @@ from django.http import HttpResponseForbidden

 from ietf.wgchairs.forms import (RemoveDelegateForm, add_form_factory,
                                 ManagingShepherdForm)
-from ietf.wgchairs.accounts import can_manage_delegates_in_group
+from ietf.wgchairs.accounts import (can_manage_delegates_in_group, get_person_for_user,
+                                    can_manage_shepherds_in_group)
 from ietf.ietfworkflows.utils import get_workflow_for_wg
-from ietf.idtracker.models import InternetDraft, PersonOrOrgInfo, IESGLogin
 from django.db.models import Q


@ -65,8 +65,11 @@ def managing_shepherd(request, acronym, name):


 def wg_shepherd_documents(request, acronym):
-    current_person = PersonOrOrgInfo.objects. \
-                            get(iesglogin__login_name=request.user.username)
+    wg = get_object_or_404(IETFWG, group_acronym__acronym=acronym, group_type=1)
+    user = request.user
+    if not can_manage_shepherds_in_group(user, wg):
+        return HttpResponseForbidden('You have no permission to access this view')
+    current_person = get_person_for_user(user)

    base_qs = InternetDraft.objects.select_related('status')
    documents_no_shepherd = base_qs.filter(shepherd__isnull=True)
@ -77,6 +80,7 @@ def wg_shepherd_documents(request, acronym):
            'Documents without Shepherd': documents_no_shepherd,
            'My documents': documents_my,
            'Other documents': documents_other,
-        }
+        },
+        'wg': wg,
    }
    return render_to_response('wgchairs/wg_shepherd_documents.html', context, RequestContext(request))