From 9e5fde902724ad50a8b79519a798f53c6945e786 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <kleen@cip.ifi.lmu.de>
Date: Tue, 1 Oct 2019 21:32:23 +0200
Subject: [PATCH] fix(course-news): fix permissions

---
 src/Foundation.hs       | 8 ++++----
 templates/course.hamlet | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index 4f9445f3e..d0420eae5 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -1129,13 +1129,13 @@ tagAccessPredicate AuthAllocationRegistered = APDB $ \mAuthId route _ -> case ro
   r -> $unsupportedAuthPredicate AuthAllocationRegistered r
 tagAccessPredicate AuthParticipant = APDB $ \mAuthId route _ -> case route of
   CNewsR tid ssh csh cID _ -> maybeT (unauthorizedI MsgUnauthorizedCourseNewsParticipant) $ do
-    uid <- hoistMaybe mAuthId
     nId <- catchIfMaybeT (const True :: CryptoIDError -> Bool) $ decrypt cID
     CourseNews{courseNewsParticipantsOnly} <- $cachedHereBinary nId . MaybeT $ get nId
-    if | courseNewsParticipantsOnly
-         -> exceptT return (const mzero) . hoist lift $ isCourseParticipant tid ssh csh uid
+    if | courseNewsParticipantsOnly -> do
+           uid <- hoistMaybe mAuthId
+           exceptT return (const mzero) . hoist lift $ isCourseParticipant tid ssh csh uid
        | otherwise
-         -> return Authorized
+           -> return Authorized
 
   CourseR tid ssh csh (CUserR cID) -> exceptT return return $ do
     participant <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedParticipant) (const True :: CryptoIDError -> Bool) $ decrypt cID
diff --git a/templates/course.hamlet b/templates/course.hamlet
index 8e156bde0..c744a0ef9 100644
--- a/templates/course.hamlet
+++ b/templates/course.hamlet
@@ -1,6 +1,6 @@
 $newline never
 <dl .deflist>
-  $if not (null news) || not visibleNews
+  $if not (null news) || mayCreateNews
     <dt .deflist__dt>
       _{MsgCourseNews}
       $if not visibleNews