forked from 0x2620/pandora
return public items, dont return 403 to not fail if guest
This commit is contained in:
parent
7f0d008ca5
commit
6b99044f85
1 changed files with 10 additions and 3 deletions
|
@ -411,7 +411,8 @@ def get(request):
|
||||||
info['editable'] = item.editable(request.user)
|
info['editable'] = item.editable(request.user)
|
||||||
response['data'] = info
|
response['data'] = info
|
||||||
else:
|
else:
|
||||||
response = json_response(status=403, text='permission denied')
|
#response = json_response(status=403, text='permission denied')
|
||||||
|
response = json_response(status=404, text='not found')
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(get)
|
actions.register(get)
|
||||||
|
|
||||||
|
@ -835,7 +836,10 @@ def atom_xml(request):
|
||||||
'''
|
'''
|
||||||
el = ET.SubElement(feed, 'id')
|
el = ET.SubElement(feed, 'id')
|
||||||
el.text = atom_link
|
el.text = atom_link
|
||||||
level = 5
|
|
||||||
|
level = settings.CONFIG['capabilities']['canSeeItem']['guest']
|
||||||
|
if not request.user.is_anonymous():
|
||||||
|
level = request.user.get_profile().level
|
||||||
for item in models.Item.objects.filter(level__lte=level, rendered=True).order_by('-created')[:7]:
|
for item in models.Item.objects.filter(level__lte=level, rendered=True).order_by('-created')[:7]:
|
||||||
page_link = request.build_absolute_uri('/%s' % item.itemId)
|
page_link = request.build_absolute_uri('/%s' % item.itemId)
|
||||||
|
|
||||||
|
@ -986,7 +990,10 @@ def sitemap_xml(request):
|
||||||
def item(request, id):
|
def item(request, id):
|
||||||
id = id.split('/')[0]
|
id = id.split('/')[0]
|
||||||
template = 'index.html'
|
template = 'index.html'
|
||||||
qs = models.Item.objects.filter(itemId=id)
|
level = settings.CONFIG['capabilities']['canSeeItem']['guest']
|
||||||
|
if not request.user.is_anonymous():
|
||||||
|
level = request.user.get_profile().level
|
||||||
|
qs = models.Item.objects.filter(itemId=id, level__lte=level)
|
||||||
if qs.count() == 0:
|
if qs.count() == 0:
|
||||||
context = RequestContext(request, {
|
context = RequestContext(request, {
|
||||||
'base_url': request.build_absolute_uri('/'),
|
'base_url': request.build_absolute_uri('/'),
|
||||||
|
|
Loading…
Reference in a new issue