From f207f05394c026da8b125e1c4b8a669a4848d1a8 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Tue, 8 Nov 2011 14:31:28 +0100
Subject: perm check

---
 coip/apps/activitystreams/views.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'coip/apps')

diff --git a/coip/apps/activitystreams/views.py b/coip/apps/activitystreams/views.py
index 91ba957..235ecd8 100644
--- a/coip/apps/activitystreams/views.py
+++ b/coip/apps/activitystreams/views.py
@@ -49,6 +49,8 @@ def activity_to_json(activity):
 @oauth2_required(scope='memberships')
 def name(request,id):
     name = get_object_or_404(Name,pk=id)
+    if not name.has_permission(request.user,'r'):
+        return render403(request,"You do not have permission to view membership information for %s" % (name))
     # check ownership
     stream = Action.objects.stream_for_object_as_target(name)
     if stream:
-- 
cgit v1.1