From e43038217bd748cf676b1e6c193541d05a20ca08 Mon Sep 17 00:00:00 2001
From: yomguy <yomguy@parisson.com>
Date: Mon, 23 Jul 2012 02:38:29 +0200
Subject: [PATCH] fix security access on conferences

---
 teleforma/templates/teleforma/course_conference.html      | 8 ++++++++
 .../templates/teleforma/course_conference_audio.html      | 8 ++++++++
 teleforma/urls.py                                         | 2 +-
 teleforma/views.py                                        | 8 +++++++-
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/teleforma/templates/teleforma/course_conference.html b/teleforma/templates/teleforma/course_conference.html
index 565f141a..aa87f73a 100644
--- a/teleforma/templates/teleforma/course_conference.html
+++ b/teleforma/templates/teleforma/course_conference.html
@@ -37,6 +37,12 @@
 </div>
 
 <div class="media">
+{% if access_error %}
+  <p>{{ access_error }}</p>
+  <p>{{ message }}</p>
+
+{% else %}
+
 {% for livestream in livestreams %}
 {% if "webm" == livestream.stream_type %}
 <div class="video">
@@ -47,6 +53,8 @@
 </div>
 {% endif %}
 {% endfor %}
+
+{% endif %}
 </div>
 
 {% block general_info %}
diff --git a/teleforma/templates/teleforma/course_conference_audio.html b/teleforma/templates/teleforma/course_conference_audio.html
index ea3248f6..16b64c71 100644
--- a/teleforma/templates/teleforma/course_conference_audio.html
+++ b/teleforma/templates/teleforma/course_conference_audio.html
@@ -37,6 +37,12 @@
 </div>
 
 <div class="media">
+{% if access_error %}
+  <p>{{ access_error }}</p>
+  <p>{{ message }}</p>
+
+{% else %}
+
 {% for livestream in livestreams %}
 {% if "mp3" == livestream.stream_type %}
 <div class="audio">
@@ -47,6 +53,8 @@
 </div>
 {% endif %}
 {% endfor %}
+
+{% endif %}
 </div>
 
 {% block general_info %}
diff --git a/teleforma/urls.py b/teleforma/urls.py
index d73a2045..285d92f0 100644
--- a/teleforma/urls.py
+++ b/teleforma/urls.py
@@ -75,7 +75,7 @@ urlpatterns = patterns('',
 
     url(r'^desk/conferences/(?P<pk>.*)/$', ConferenceView.as_view(),
         name="teleforma-conference-detail"),
-    url(r'^desk/conferences/(?P<pk>.+)/audio/$', ConferenceView.as_view(template_name="teleforma/course_conference_audio.html"),
+    url(r'^desk/conferences/(?P<pk>.*)/audio/$', ConferenceView.as_view(template_name="teleforma/course_conference_audio.html"),
         name="teleforma-conference-audio"),
     url(r'^desk/conference_record/$', ConferenceRecordView.as_view(),
         name="teleforma-conference-record"),
diff --git a/teleforma/views.py b/teleforma/views.py
index 24c086b8..f5f24112 100755
--- a/teleforma/views.py
+++ b/teleforma/views.py
@@ -328,7 +328,8 @@ class ConferenceView(DetailView):
 
     def get_context_data(self, **kwargs):
         context = super(ConferenceView, self).get_context_data(**kwargs)
-        context['all_courses'] = get_courses(self.request.user)
+        all_courses = get_courses(self.request.user)
+        context['all_courses'] = all_courses
         conference = self.get_object()
         context['course'] = conference.course
         context['type'] = conference.course_type
@@ -338,6 +339,10 @@ class ConferenceView(DetailView):
                                    id=conference.id)
         context['livestreams'] = conference.livestream.all()
         context['host'] = get_host(self.request)
+        access = get_access(conference, all_courses)
+        if not access:
+            context['access_error'] = access_error
+            context['message'] = contact_message
         return context
 
     @jsonrpc_method('teleforma.conference_stop')
@@ -352,6 +357,7 @@ class ConferenceView(DetailView):
             station.save()
             station.stop()
 
+    @method_decorator(login_required)
     def dispatch(self, *args, **kwargs):
         return super(ConferenceView, self).dispatch(*args, **kwargs)
 
-- 
2.39.5