From eaa7be6ec64aee0b612d5c3cd56a579f289476e1 Mon Sep 17 00:00:00 2001 From: cuom1999 Date: Mon, 30 May 2022 23:35:30 -0500 Subject: [PATCH] fix blog permissions --- judge/views/blog.py | 9 ++++----- judge/views/organization.py | 5 +++++ templates/organization/home.html | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/judge/views/blog.py b/judge/views/blog.py index 400ab73..00a899b 100644 --- a/judge/views/blog.py +++ b/judge/views/blog.py @@ -99,11 +99,10 @@ class PostList(FeedView): .order_by("-sticky", "-publish_on") .prefetch_related("authors__user", "organizations") ) - if not self.request.user.has_perm("judge.edit_all_post"): - filter = Q(is_organization_private=False) - if self.request.user.is_authenticated: - filter |= Q(organizations__in=self.request.profile.organizations.all()) - queryset = queryset.filter(filter) + filter = Q(is_organization_private=False) + if self.request.user.is_authenticated: + filter |= Q(organizations__in=self.request.profile.organizations.all()) + queryset = queryset.filter(filter) return queryset def get_context_data(self, **kwargs): diff --git a/judge/views/organization.py b/judge/views/organization.py index 28e8824..248f32c 100644 --- a/judge/views/organization.py +++ b/judge/views/organization.py @@ -714,6 +714,11 @@ class AddOrganizationBlog( model = BlogPost form_class = OrganizationBlogForm + def get_form_class(self): + if self.can_edit_organization(self.organization): + return OrganizationAdminBlogForm + return OrganizationBlogForm + def get_title(self): return _("Add blog for %s") % self.organization.name diff --git a/templates/organization/home.html b/templates/organization/home.html index 6e1cc30..77e0241 100644 --- a/templates/organization/home.html +++ b/templates/organization/home.html @@ -13,7 +13,7 @@ {% elif organization.is_open or can_edit %}
{% csrf_token %} - +
{% else %}