perm check

author: Leif Johansson <leifj@sunet.se> 2011-11-08 14:31:28 +0100
committer: Leif Johansson <leifj@sunet.se> 2011-11-08 14:31:28 +0100
commit: f207f05394c026da8b125e1c4b8a669a4848d1a8 (patch)
tree: 2188051ed36027f033ef4c4d39b5620d409ec0d8 /coip
parent: d8427d63609c04619a1b70a5c499f8f450f1bd5e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/coip/apps/activitystreams/views.py b/coip/apps/activitystreams/views.py
index 91ba957..235ecd8 100644
--- a/coip/apps/activitystreams/views.py
+++ b/coip/apps/activitystreams/views.py
@@ -49,6 +49,8 @@ def activity_to_json(activity):
 @oauth2_required(scope='memberships')
 def name(request,id):
     name = get_object_or_404(Name,pk=id)
+    if not name.has_permission(request.user,'r'):
+        return render403(request,"You do not have permission to view membership information for %s" % (name))
     # check ownership
     stream = Action.objects.stream_for_object_as_target(name)
     if stream:
author	Leif Johansson <leifj@sunet.se>	2011-11-08 14:31:28 +0100
committer	Leif Johansson <leifj@sunet.se>	2011-11-08 14:31:28 +0100
commit	f207f05394c026da8b125e1c4b8a669a4848d1a8 (patch)
tree	2188051ed36027f033ef4c4d39b5620d409ec0d8 /coip
parent	d8427d63609c04619a1b70a5c499f8f450f1bd5e (diff)