From 044fc61be24ea895dc36df2a91e83c6e9005f976 Mon Sep 17 00:00:00 2001
From: Zev Benjamin
Date: Thu, 10 Jan 2013 14:47:25 -0500
Subject: [PATCH] Restrict the get_public_streams query to non-MIT or superusers

(imported from commit ede1dff6176e6a39da126948ce307941e6dffaec)
---
 zephyr/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zephyr/views.py b/zephyr/views.py
index 1135dd6a47..a6aa24be64 100644
--- a/zephyr/views.py
+++ b/zephyr/views.py
@@ -755,6 +755,9 @@ def json_get_public_streams(request, user_profile):
 return get_public_streams_backend(request, user_profile)

 def get_public_streams_backend(request, user_profile):
+ if user_profile.realm.domain == "mit.edu" and not is_super_user_api(request):
+ return json_error("User not authorized for this query")
+
 # Only get streams someone is currently subscribed to
 subs_filter = Subscription.objects.filter(active=True).values('recipient_id')
 stream_ids = Recipient.objects.filter(
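Review bot: The new guard at the top of `get_public_streams_backend` encodes an authorization policy as an exact match on the literal `"mit.edu"`, so it fails open for every realm it does not name, and nothing in the code says why this realm is restricted. If a second realm needs the same restriction, or if `realm.domain` is not stored in a normalized form (not visible here), the check is skipped silently; a named helper or a per-realm setting would make the rule auditable, and at minimum the line deserves a comment such as `# MIT users may not enumerate public streams; only API super users can run this query`. The diffstat shows only `zephyr/views.py` changing, so no test pins that an mit.edu non-superuser gets the error while other users still get the list. The function body continues past the end of the hunk, so whether the remaining query needs any further filtering cannot be judged from here.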