diff options
author | Leif Johansson <leifj@sunet.se> | 2011-11-08 14:31:28 +0100 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2011-11-08 14:31:28 +0100 |
commit | f207f05394c026da8b125e1c4b8a669a4848d1a8 (patch) | |
tree | 2188051ed36027f033ef4c4d39b5620d409ec0d8 /coip/apps | |
parent | d8427d63609c04619a1b70a5c499f8f450f1bd5e (diff) |
perm check
Diffstat (limited to 'coip/apps')
-rw-r--r-- | coip/apps/activitystreams/views.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/coip/apps/activitystreams/views.py b/coip/apps/activitystreams/views.py index 91ba957..235ecd8 100644 --- a/coip/apps/activitystreams/views.py +++ b/coip/apps/activitystreams/views.py @@ -49,6 +49,8 @@ def activity_to_json(activity): @oauth2_required(scope='memberships') def name(request,id): name = get_object_or_404(Name,pk=id) + if not name.has_permission(request.user,'r'): + return render403(request,"You do not have permission to view membership information for %s" % (name)) # check ownership stream = Action.objects.stream_for_object_as_target(name) if stream: |