From 6b99044f8533e5518037ab5a7a7d59101183ed1e Mon Sep 17 00:00:00 2001
From: j <0x006A@0x2620.org>
Date: Mon, 16 Jan 2012 20:31:07 +0530
Subject: [PATCH] return public items, dont return 403 to not fail if guest

---
 pandora/item/views.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pandora/item/views.py b/pandora/item/views.py
index feb1a02f5..780c95ae9 100644
--- a/pandora/item/views.py
+++ b/pandora/item/views.py
@@ -411,7 +411,8 @@ def get(request):
         info['editable'] = item.editable(request.user)
         response['data'] = info
     else:
-        response = json_response(status=403, text='permission denied')
+        #response = json_response(status=403, text='permission denied')
+        response = json_response(status=404, text='not found')
     return render_to_json_response(response)
 actions.register(get)
 
@@ -835,7 +836,10 @@ def atom_xml(request):
     '''
     el = ET.SubElement(feed, 'id')
     el.text = atom_link
-    level = 5
+
+    level = settings.CONFIG['capabilities']['canSeeItem']['guest']
+    if not request.user.is_anonymous():
+        level = request.user.get_profile().level
     for item in models.Item.objects.filter(level__lte=level, rendered=True).order_by('-created')[:7]:
         page_link = request.build_absolute_uri('/%s' % item.itemId)
 
@@ -986,7 +990,10 @@ def sitemap_xml(request):
 def item(request, id):
     id = id.split('/')[0]
     template = 'index.html'
-    qs = models.Item.objects.filter(itemId=id)
+    level = settings.CONFIG['capabilities']['canSeeItem']['guest']
+    if not request.user.is_anonymous():
+        level = request.user.get_profile().level
+    qs = models.Item.objects.filter(itemId=id, level__lte=level)
     if qs.count() == 0:
         context = RequestContext(request, {
             'base_url': request.build_absolute_uri('/'),