Commits

Stanislav Panasik  committed 0c8d0de

Fixed wrong permission check. Users may have right to reply in topic, but do not have rights to add new topic

  • Participants
  • Parent commits dca54fa

Comments (0)

Files changed (1)

File pybb/views.py

     request_forum = forum
     if request_forum is None:
         request_forum = topic.forum
+    
+    if have_permissions(request, request_forum, 'deny-view-forum'):
+        return HttpResponseRedirect('/')
+    
+    if forum:    
+        if (not request.user.is_superuser) and (have_permissions(request, request_forum, 'deny-create-topic')):
+            return HttpResponseRedirect('/')
+    if topic:
+        if have_permissions(request, request_forum, 'deny-add-post'):
+            return HttpResponseRedirect('/')
         
-    if (not request.user.is_superuser) and (have_permissions(request, request_forum, 'deny-create-topic') or \
-           have_permissions(request, request_forum, 'deny-view-forum') or \
-           have_permissions(request, request_forum, 'deny-add-post')):
-        return HttpResponseRedirect('/')
 
     try:
         quote_id = int(request.GET.get('quote_id'))