Allow staff to view anything on the front site.

In particular, influence_detail and character_detail no longer deny
access to staff members.

diff --git a/influences/views.py b/influences/views.py
index 35ee02ef921227f8faf626fb355ad031c8422440..7f7b2621f918a588e03e7e356853b0d45514ffb7 100644 (file)
--- a/influences/views.py
+++ b/influences/views.py
@@ -79,7 +79,7 @@ def character_list(request):
 def character_detail(request, object_id):
     o = Character.objects.get(pk=object_id)
     # Don't show other player's characters
-    if (o.player != request.user):
+    if (not request.user.is_staff and o.player != request.user):
         return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
     return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
 
@@ -101,7 +101,7 @@ def influence_detail(request, object_id):
 
     o = Influence.objects.get(pk=object_id)
     # Don't show other player's influences
-    if (o.character.player != request.user):
+    if (not request.user.is_staff and o.character.player != request.user):
         return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
 
     # Show all comments to staff, but only public comments to other