Permalink
Browse files

Make sure that only users with the correct permissions can view a pag…

…e that is private
  • Loading branch information...
1 parent 82c2a0d commit b2911eac1f520b229826cc927639cfb6a0c52bbb Andre Engelbrecht committed Jun 15, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 ostinato/pages/views.py
View
2 ostinato/pages/views.py
@@ -36,7 +36,7 @@ def page_dispatch(request, *args, **kwargs):
raise http.Http404
sm = PageWorkflow(instance=page)
- if sm.state == 'Private':
+ if sm.state == 'Private' and not request.user.has_perm('pages.private_view'):
if page.author != request.user or not request.user.is_superuser:
return http.HttpResponseForbidden()

0 comments on commit b2911ea

Please sign in to comment.