From 56979fa81a50d2d403dbc6793061fff3232d8407 Mon Sep 17 00:00:00 2001
From: tomtom5152
Date: Thu, 26 Mar 2015 13:19:47 +0000
Subject: [PATCH] Bug fix for #23
---
 RIGS/views.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/RIGS/views.py b/RIGS/views.py
index 6d82cb5c..eb9f0b24 100644
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -197,6 +197,14 @@ class SecureAPIRequest(generic.View):
 'profile': models.Profile,
 }
+ perms = {
+ 'venue': 'RIGS.view_venue',
+ 'person': 'RIGS.view_person',
+ 'organisation': 'RIGS.view_organisation',
+ 'mic': None,
+ 'profile': None,
+ }
+
 '''
 Validate the request is allowed based on user permissions.
 Raises 403 if denied.
@@ -205,7 +213,7 @@ class SecureAPIRequest(generic.View):
 def __validate__(self, request, key, perm):
 if request.user.is_active:
- if request.user.is_superuser or request.user.is_staff:
+ if request.user.is_superuser or perm is None:
 return True
 elif request.user.has_perm(perm):
 return True
@@ -214,7 +222,7 @@ class SecureAPIRequest(generic.View):
 def get(self, request, model, pk=None, param=None):
 # Request permission validation things
 key = request.GET.get('apikey', None)
- perm = 'RIGS.view_' + model
+ perm = self.perms[model]
 self.__validate__(request, key, perm)
 # Response format where applicable
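Review bot: The `None` values for `'mic'` and `'profile'` in `perms` carry an access decision that nothing in the code states: together with the `perm is None` branch added to `__validate__` in the second hunk, they let every active account query Profile records with no permission check. A comment above the dict would make that explicit, for example `# None = no permission required: any active user may query this model`. It is also worth confirming that the fields returned for Profile are safe to show to all logged-in users; the serialization is outside this diff. The `perms` keys must stay in step with the `models` dict above it, whose start is outside the hunk.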
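Review bot: `self.perms[model]` in the third hunk raises `KeyError` for any `model` value that is not one of the five keys, so an unexpected URL segment would produce a 500 before `__validate__` runs, unless the URL pattern already restricts `model` (not visible here). Avoid fixing this with `self.perms.get(model)`: a missing key would return `None`, which `__validate__` now treats as "no permission required", so the lookup would fail open. An explicit membership test that rejects unknown names, such as `if model not in self.perms: raise PermissionDenied()`, keeps the default deny; this assumes `PermissionDenied` is the exception the validator already raises for its 403. The body of `get` continues past the end of the hunk.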