From 1e5f2df379af7fc798a7e95e32f8aa1bf9a4677b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emilio=20A=2E=20S=C3=A1nchez=20L=C3=B3pez?=
 <esanchez@yaco.es>
Date: Thu, 9 Dec 2010 14:37:44 +0000
Subject: [PATCH] Restrict access to sheperd document list. See #564  -
 Legacy-Id: 2710

---
 ietf/templates/wgchairs/wg_shepherd_documents.html |  2 +-
 ietf/wgchairs/accounts.py                          |  7 +++++++
 ietf/wgchairs/views.py                             | 14 +++++++++-----
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/ietf/templates/wgchairs/wg_shepherd_documents.html b/ietf/templates/wgchairs/wg_shepherd_documents.html
index 6b9c0be3c..5c76b0300 100644
--- a/ietf/templates/wgchairs/wg_shepherd_documents.html
+++ b/ietf/templates/wgchairs/wg_shepherd_documents.html
@@ -53,7 +53,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       {% for doc in documents %}
         <tr class="{% cycle oddrow,evenrow %}">
           <td class="title">
-            <a href="{% url doc_managing_shepherd doc %}">{{ doc.title }}</a>
+            <a href="{% url doc_managing_shepherd wg.group_acronym.acronym doc %}">{{ doc.title }}</a>
           </td>
           <td class="date">
              {{ doc.status.start_date|date:"Y-m" }}
diff --git a/ietf/wgchairs/accounts.py b/ietf/wgchairs/accounts.py
index 95f45d147..6177cbca0 100644
--- a/ietf/wgchairs/accounts.py
+++ b/ietf/wgchairs/accounts.py
@@ -37,3 +37,10 @@ def can_manage_delegates_in_group(user, group):
     if not person:
         return False
     return is_group_chair(person, group)
+
+
+def can_manage_shepherds_in_group(user, group):
+    person = get_person_for_user(user)
+    if not person:
+        return False
+    return is_group_chair(person, group)
diff --git a/ietf/wgchairs/views.py b/ietf/wgchairs/views.py
index 69da491af..f04a36298 100644
--- a/ietf/wgchairs/views.py
+++ b/ietf/wgchairs/views.py
@@ -5,9 +5,9 @@ from django.http import HttpResponseForbidden
 
 from ietf.wgchairs.forms import (RemoveDelegateForm, add_form_factory,
                                  ManagingShepherdForm)
-from ietf.wgchairs.accounts import can_manage_delegates_in_group
+from ietf.wgchairs.accounts import (can_manage_delegates_in_group, get_person_for_user,
+                                    can_manage_shepherds_in_group)
 from ietf.ietfworkflows.utils import get_workflow_for_wg
-from ietf.idtracker.models import InternetDraft, PersonOrOrgInfo, IESGLogin
 from django.db.models import Q
 
 
@@ -65,8 +65,11 @@ def managing_shepherd(request, acronym, name):
 
 
 def wg_shepherd_documents(request, acronym):
-    current_person = PersonOrOrgInfo.objects. \
-                            get(iesglogin__login_name=request.user.username)
+    wg = get_object_or_404(IETFWG, group_acronym__acronym=acronym, group_type=1)
+    user = request.user
+    if not can_manage_shepherds_in_group(user, wg):
+        return HttpResponseForbidden('You have no permission to access this view')
+    current_person = get_person_for_user(user)
 
     base_qs = InternetDraft.objects.select_related('status')
     documents_no_shepherd = base_qs.filter(shepherd__isnull=True)
@@ -77,6 +80,7 @@ def wg_shepherd_documents(request, acronym):
             'Documents without Shepherd': documents_no_shepherd,
             'My documents': documents_my,
             'Other documents': documents_other,
-        }
+        },
+        'wg': wg,
     }
     return render_to_response('wgchairs/wg_shepherd_documents.html', context, RequestContext(request))