Skip ACL check for rendering widget

Assuming that when somebody shares the widget, he wants it publicly accessible. Also the widget does not leak much information, so privacy wise this does not seem to be dangerous as well. Signed-off-by: Michal Čihař <michal@cihar.com>

Skip ACL check for rendering widget
Assuming that when somebody shares the widget, he wants it publicly accessible. Also the widget does not leak much information, so privacy wise this does not seem to be dangerous as well. Signed-off-by: Michal Čihař <michal@cihar.com>
677d5572 · Michal Čihař · 4f072d48 · 677d5572
Commit 677d5572 authored Nov 10, 2014 by Michal Čihař
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

weblate/trans/views/widgets.py weblate/trans/views/widgets.py +2 -1

No files found.
--- a/weblate/trans/views/widgets.py
+++ b/weblate/trans/views/widgets.py
@@ -118,7 +118,8 @@ def widgets(request, project):
 @cache_page(3600)
 def render_widget(request, project, widget='287x66', color=None, lang=None,
                  extension='png'):
-    obj = get_project(request, project)
+    # We intentionally skip ACL here to allow widget sharing
+    obj = get_project(request, project, skip_acl=True)

    # Handle language parameter
    if lang is not None: