Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BK-103 _full should not be viewable if a book is hidden or if users a…

…re blocked
  • Loading branch information...
commit a487a048ccce6badd4e45979d192ac3e8aa7cd4e 1 parent 50cb530
@aerkalov authored
Showing with 44 additions and 1 deletion.
  1. +44 −1 lib/booki/reader/views.py
View
45 lib/booki/reader/views.py
@@ -58,6 +58,14 @@ def view_full(request, bookid, version=None):
book_version = getVersion(book, version)
+ from booki.utils import security
+ bookSecurity = security.getUserSecurityForBook(request.user, book)
+
+ hasPermission = security.canEditBook(book, bookSecurity)
+
+ if book.hidden and not hasPermission:
+ return pages.ErrorPage(request, "errors/no_permissions.html")
+
for chapter in models.BookToc.objects.filter(version=book_version).order_by("-weight"):
if chapter.isChapter():
chapters.append({"type": "chapter",
@@ -165,9 +173,17 @@ def draft_book(request, bookid, version=None):
except models.Book.DoesNotExist:
return pages.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid})
-
book_version = getVersion(book, version)
+ from booki.utils import security
+ bookSecurity = security.getUserSecurityForBook(request.user, book)
+
+ hasPermission = security.canEditBook(book, bookSecurity)
+
+ if book.hidden and not hasPermission:
+ return pages.ErrorPage(request, "errors/no_permissions.html")
+
+
chapters = []
for chapter in models.BookToc.objects.filter(version=book_version).order_by("-weight"):
@@ -206,6 +222,15 @@ def draft_chapter(request, bookid, chapter, version=None):
book_version = getVersion(book, version)
+ from booki.utils import security
+ bookSecurity = security.getUserSecurityForBook(request.user, book)
+
+ hasPermission = security.canEditBook(book, bookSecurity)
+
+ if book.hidden and not hasPermission:
+ return pages.ErrorPage(request, "errors/no_permissions.html")
+
+
chapters = []
for chap in models.BookToc.objects.filter(version=book_version).order_by("-weight"):
@@ -253,6 +278,15 @@ def book_view(request, bookid, version=None):
book_version = getVersion(book, version)
+ from booki.utils import security
+ bookSecurity = security.getUserSecurityForBook(request.user, book)
+
+ hasPermission = security.canEditBook(book, bookSecurity)
+
+ if book.hidden and not hasPermission:
+ return pages.ErrorPage(request, "errors/no_permissions.html")
+
+
chapters = []
for chapter in models.BookToc.objects.filter(version=book_version).order_by("-weight"):
@@ -293,6 +327,15 @@ def book_chapter(request, bookid, chapter, version=None):
book_version = getVersion(book, version)
+ from booki.utils import security
+ bookSecurity = security.getUserSecurityForBook(request.user, book)
+
+ hasPermission = security.canEditBook(book, bookSecurity)
+
+ if book.hidden and not hasPermission:
+ return pages.ErrorPage(request, "errors/no_permissions.html")
+
+
chapters = []
for chap in models.BookToc.objects.filter(version=book_version).order_by("-weight"):
Please sign in to comment.
Something went wrong with that request. Please try again.