mirror: Check whether the user is a recipient by id.

(imported from commit e50f0b00d8e3cb00fdc7af3872b5adc38c432dcc)
2012-11-15 15:35:23 -05:00 · 2012-11-15 15:35:23 -05:00 · 5230382e4d
parent 4fe089e1ce
commit 5230382e4d
1 changed files with 4 additions and 3 deletions
--- a/zephyr/views.py
+++ b/zephyr/views.py
@ -567,9 +567,6 @@ def send_message_backend(request, user_profile, client_name,
        recipient = Recipient.objects.get(type_id=stream.id, type=Recipient.STREAM)
    elif message_type_name == 'private':
        pm_recipients = extract_recipients(request)
-        if client_name == "zephyr_mirror":
-            if user_profile.user.email not in pm_recipients and not forged:
-                return json_error("User not authorized for this query")

        recipient_profile_ids = set()
        for recipient in pm_recipients:
@ -580,6 +577,10 @@ def send_message_backend(request, user_profile, client_name,
            except UserProfile.DoesNotExist:
                return json_error("Invalid email '%s'" % (recipient,))

+        if client_name == "zephyr_mirror":
+            if user_profile.id not in recipient_profile_ids and not forged:
+                return json_error("User not authorized for this query")
+
        # If the private message is just between the sender and
        # another person, force it to be a personal internally
        if (len(recipient_profile_ids) == 2