Commit 6973326d authored by ale's avatar ale

only edit video authors if the user is a reviewer, fixes bug #25

parent 45c7256d
......@@ -146,11 +146,13 @@ class VideoController(BaseController):
# authors
if is_new:
args['authors'] = [h.logged_author().author_id]
audit_fmt = 'Created video %s (%d)'
args['authors'] = [h.logged_author().author_id]
else:
args['authors'] = request.params.get('authors').split(',')
audit_fmt = 'Edited video %s (%d)'
# only modify authors if in group reviewers
if h.in_group('reviewers'):
args['authors'] = request.params.get('authors').split(',')
video.update(admin=h.logged_author().is_admin(), **args)
......
......@@ -43,17 +43,17 @@
% endif
</td>
% if h.logged_author().is_admin():
% if h.in_group('reviewers'):
<% author_ids = [ str(x.author_id) for x in c.video.authors ] %>
<script type="text/javascript">
% if len(author_ids) > 0:
var authors_list = Array('${"','".join(author_ids)}');
% else:
var authors_list = Array();
% endif
</script>
<input id="authors" type="hidden" name="authors" value="${','.join(author_ids)}" />
<% author_ids = [ str(x.author_id) for x in c.video.authors ] %>
<script type="text/javascript">
% if len(author_ids) > 0:
var authors_list = Array('${"','".join(author_ids)}');
% else:
var authors_list = Array();
% endif
</script>
<input id="authors" type="hidden" name="authors" value="${','.join(author_ids)}" />
<td valign="top" width="50%">
<p class="field">
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment