if not account:
raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
+ # Check for permissions
+ if not account.can_be_managed_by(self.current_user):
+ raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account))
+
if date:
try:
date = datetime.datetime.strptime(date, "%Y-%m-%d").date()
if not account:
raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
+ # Check for permissions
+ if not account.can_be_managed_by(self.current_user):
+ raise tornado.web.HTTPError(403, "%s cannot manage %s" % (self.current_user, account))
+
call = self.backend.talk.freeswitch.get_call_by_uuid(uuid)
if not call:
raise tornado.web.HTTPError(404, "Could not find call %s" % uuid)