From c1b246c3b59945ea92c4e321f07f9f3532b868f8 Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Mon, 4 Nov 2013 19:11:01 -0500
Subject: [PATCH] Remove a TODO and make sure a user is part of an org to get
 access to typeahead information for an org.

---
 endpoints/api.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/endpoints/api.py b/endpoints/api.py
index 3e188f765..7f901262c 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -202,14 +202,15 @@ def get_matching_entities(prefix):
   organization_name = request.args.get('organization', None)
   organization = None
   if organization_name:
-    try:
-      organization = model.get_organization(organization_name)
-    except:
-      pass
+    permission = OrganizationMemberPermission(organization_name)
+    if permission.can():
+      try:
+        organization = model.get_organization(organization_name)
+      except:
+        pass
 
-    if organization:
-      # TODO: ensure that the user has access to the organization
-      teams = model.get_matching_teams(prefix, organization)
+      if organization:
+        teams = model.get_matching_teams(prefix, organization)
 
   users = model.get_matching_users(prefix, organization)
 
@@ -221,8 +222,6 @@ def get_matching_entities(prefix):
     }
 
   def user_view(user):
-    # TODO: Return whether the user is outside the organization (if one is
-    # specified)
     return {
       'name': user.username,
       'kind': 'user',