From f1a0a71d971ffa4c01a88b92aa4869dd3a12a3fa Mon Sep 17 00:00:00 2001 From: Aurélien Bompard Date: Fri, 18 Oct 2013 16:15:40 +0200 Subject: Handle permissions on private mailing-lists --- hyperkitty/views/search.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'hyperkitty/views/search.py') diff --git a/hyperkitty/views/search.py b/hyperkitty/views/search.py index d398ae2..3eb179f 100644 --- a/hyperkitty/views/search.py +++ b/hyperkitty/views/search.py @@ -30,6 +30,7 @@ from hyperkitty.lib.view_helpers import paginate from hyperkitty.lib.voting import set_message_votes from hyperkitty.views.list import _thread_list +from hyperkitty.lib.mailman import check_mlist_private, is_mlist_authorized class SearchPaginator(Paginator): @@ -46,6 +47,7 @@ class SearchPaginator(Paginator): return Page(self.object_list, number, self) +@check_mlist_private def search_tag(request, mlist_fqdn, tag): '''Returns threads having a particular tag''' store = get_store(request) @@ -84,6 +86,10 @@ def search(request, page=1): mlist = store.get_list(mlist_fqdn) if mlist is None: raise Http404("No archived mailing-list by that name.") + if not is_mlist_authorized(request, mlist): + return render(request, "error-private.html", { + "mlist": mlist, + }, status=403) if not query: return render(request, "search_results.html", { -- cgit