From dd0bd76b2efdcfa94560090e132732d8b6d48c7d Mon Sep 17 00:00:00 2001 From: Sundaram Dubey <56407566+maze-runnar@users.noreply.github.com> Date: Mon, 26 Oct 2020 13:07:50 +0530 Subject: [PATCH] fix: non-organizer user can't set email null (#7378) Co-authored-by: Areeb Jamal --- app/api/speakers.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/app/api/speakers.py b/app/api/speakers.py index e0074fb876..9e8ef71730 100644 --- a/app/api/speakers.py +++ b/app/api/speakers.py @@ -67,9 +67,9 @@ def before_post(self, args, kwargs, data=None): raise ForbiddenError( {'pointer': ''}, 'Speaker with this Email ID already exists' ) - - if data.get('is_email_overridden') and not has_access( - 'is_organizer', event_id=data['event'] + is_organizer = has_access('is_organizer', event_id=data['event']) + if ( + data.get('is_email_overridden') and not is_organizer ): raise ForbiddenError( {'pointer': 'data/attributes/is_email_overridden'}, @@ -77,11 +77,17 @@ def before_post(self, args, kwargs, data=None): ) if ( not data.get('is_email_overridden') - and has_access('is_organizer', event_id=data['event']) + and is_organizer and not data.get('email') ): data['email'] = current_user.email - + if ( + not is_organizer + and not data.get('email') + ): + raise ForbiddenError( + {'pointer': '/data/email'}, 'Email is required for speaker' + ) if 'sessions' in data: session_ids = data['sessions'] for session_id in session_ids: