Fixed API permissions, and removed unnecessary data from the events api (it now only gives information available to non-keyholders - the rest wasn't used anyway).

This now means the web-calendar view works for non-keyholders
2026-01-17 05:22:16 +00:00 · 2015-06-28 22:54:58 +01:00
parent 338694248e
commit d497e6729f
2 changed files with 4 additions and 25 deletions
--- a/RIGS/urls.py
+++ b/RIGS/urls.py
@@ -145,8 +145,8 @@ urlpatterns = patterns('',
                       url(r'^ical/(?P<api_pk>\d+)/(?P<api_key>\w+)/rigs.ics$', api_key_required(ical.CalendarICS()), name="ics_calendar"),

                       # API
-                       url(r'^api/(?P<model>\w+)/$', (views.SecureAPIRequest.as_view()), name="api_secure"),
-                       url(r'^api/(?P<model>\w+)/(?P<pk>\d+)/$', (views.SecureAPIRequest.as_view()), name="api_secure"),
+                       url(r'^api/(?P<model>\w+)/$', login_required(views.SecureAPIRequest.as_view()), name="api_secure"),
+                       url(r'^api/(?P<model>\w+)/(?P<pk>\d+)/$', login_required(views.SecureAPIRequest.as_view()), name="api_secure"),

                       # Legacy URL's
                       url(r'^rig/show/(?P<pk>\d+)/$', RedirectView.as_view(permanent=True,pattern_name='event_detail')),
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -221,8 +221,8 @@ class SecureAPIRequest(generic.View):
        'venue': 'RIGS.view_venue',
        'person': 'RIGS.view_person',
        'organisation': 'RIGS.view_organisation',
-        'profile': None,
-        'event': 'RIGS.view_event',
+        'profile': 'RIGS.view_profile',
+        'event': None,
    }

    '''
@@ -331,27 +331,6 @@ class SecureAPIRequest(generic.View):
                if item.access_at:
                    data['access_at'] = item.access_at.strftime('%Y-%m-%dT%H:%M:%SZ')
                
-                if item.venue:
-                    data['venue'] = item.venue.name
-
-                if item.person:
-                    data['person'] = item.person.name
-
-                if item.organisation:
-                    data['organisation'] = item.organisation.name
-
-                if item.mic:
-                    data['mic'] = {
-                        'name':item.mic.get_full_name(),
-                        'initials':item.mic.initials
-                    }
-
-                if item.description:
-                    data['description'] = item.description
-
-                if item.notes:
-                    data['notes'] = item.notes
-
                data['url'] = str(reverse_lazy('event_detail',kwargs={'pk':item.pk}))

                results.append(data)