Allow all related players to view an influence.

author Matthijs Kooijman <matthijs@stdin.nl>

Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)

committer Matthijs Kooijman <matthijs@stdin.nl>

Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)
author Matthijs Kooijman <matthijs@stdin.nl>
Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)
committer Matthijs Kooijman <matthijs@stdin.nl>
Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)
diff --git a/influences/views.py b/influences/views.py

index b202c075efab02375cbe8a735a15cc14607b111d..e741605e9acad8e94efb4f96552c1ea2daa85c0f 100644 (file)
--- a/influences/views.py
+++ b/influences/views.py
@@ -101,8 +101,8 @@ def influence_detail(request, object_id):
  
      o = Influence.objects.get(pk=object_id)
      # Don't show other player's influences
-    if (not request.user.is_staff and o.initiator.player != request.user):
-        return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
+    if (not request.user.is_staff and not request.user in o.related_players):
+        return HttpResponseForbidden("Forbidden -- Trying to view influences you are not involved in.")
  
      # Show all comments to staff, but only public comments to other
      # users
author	Matthijs Kooijman <matthijs@stdin.nl>
	Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)
committer	Matthijs Kooijman <matthijs@stdin.nl>
	Fri, 16 Jan 2009 21:24:53 +0000 (22:24 +0100)