Skip to content

Commit 5e7d8c6

Browse files
committed
Fix auth check for editing the metadata of a submission - the path
without an access token would not allow a Secretariat user but instead always throw an exception - Legacy-Id: 7079
1 parent 8dc19fd commit 5e7d8c6

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

ietf/submit/views.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -130,10 +130,10 @@ def search_submission(request):
130130
'name': name},
131131
context_instance=RequestContext(request))
132132

133-
def can_edit_submission(request, submission, access_token):
133+
def can_edit_submission(user, submission, access_token):
134134
key_matched = access_token and submission.access_token() == access_token
135135
if not key_matched: key_matched = submission.access_key == access_token # backwards-compat
136-
return key_matched or has_role(request.user, "Secretariat")
136+
return key_matched or has_role(user, "Secretariat")
137137

138138
def submission_status(request, submission_id, access_token=None):
139139
submission = get_object_or_404(Submission, pk=submission_id)
@@ -149,7 +149,7 @@ def submission_status(request, submission_id, access_token=None):
149149
is_secretariat = has_role(request.user, "Secretariat")
150150
is_chair = submission.group and submission.group.has_role(request.user, "chair")
151151

152-
can_edit = can_edit_submission(request, submission, access_token) and submission.state_id == "uploaded"
152+
can_edit = can_edit_submission(request.user, submission, access_token) and submission.state_id == "uploaded"
153153
can_cancel = (key_matched or is_secretariat) and submission.state.next_states.filter(slug="cancel")
154154
can_group_approve = (is_secretariat or is_chair) and submission.state_id == "grp-appr"
155155
can_force_post = is_secretariat and submission.state.next_states.filter(slug="posted")

0 commit comments

Comments
 (0)