Fix error when room owner edits room w/o admin privs

indico · Aug 19, 2022 · 66ace43 · 66ace43
1 parent ccdfdd8
commit 66ace43
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -91,6 +91,7 @@ Bugfixes
 - Fix misleading start and end times for Poster contributions in the timetable HTTP API
   and the contributions placeholder in emails (:pr:`5443`)
 - Do not mark persons as registered if the registration form has been deleted (:pr:`5448`)
+- Fix error when a room owner who is not an admin edits their room (:pr:`5457`)
 
 Internal Changes
 ^^^^^^^^^^^^^^^^

diff --git a/indico/modules/rb/controllers/backend/admin.py b/indico/modules/rb/controllers/backend/admin.py
@@ -67,6 +67,11 @@ def _process_PATCH(self, args):
 
 
 class RHLocations(RHRoomBookingAdminBase):
+    def _skip_admin_check(self):
+        # GET on this endpoint does not expose anything sensitive, so
+        # we allow any room manager to use it if they can edit rooms
+        return request.method == 'GET' and rb_settings.get('managers_edit_rooms') and has_managed_rooms(session.user)
+
     def _process_args(self):
         id_ = request.view_args.get('location_id')
         self.location = Location.get_or_404(id_, is_deleted=False) if id_ is not None else None