diff options
Diffstat (limited to 'coip/apps/activitystreams/views.py')
-rw-r--r-- | coip/apps/activitystreams/views.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/coip/apps/activitystreams/views.py b/coip/apps/activitystreams/views.py index 91ba957..235ecd8 100644 --- a/coip/apps/activitystreams/views.py +++ b/coip/apps/activitystreams/views.py @@ -49,6 +49,8 @@ def activity_to_json(activity): @oauth2_required(scope='memberships') def name(request,id): name = get_object_or_404(Name,pk=id) + if not name.has_permission(request.user,'r'): + return render403(request,"You do not have permission to view membership information for %s" % (name)) # check ownership stream = Action.objects.stream_for_object_as_target(name) if stream: |