* Replace some tabs by spaces and put a vim modeline in every python file.

[matthijs/projects/xerxes.git] / influences / views.py

diff --git a/influences/views.py b/influences/views.py
index 341c9a3dc696161cf36bffee8a640a5946dcece6..71e69ed98628067b473a1d71b040473af35b2d2c 100644 (file)
--- a/influences/views.py
+++ b/influences/views.py
@@ -5,7 +5,7 @@ from django.template import RequestContext
 from django.utils.translation import ugettext as _
 from django.contrib.auth.models import User
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseForbidden
 from django.views.generic.list_detail import object_detail, object_list
 from ee.influences.models import Character
 from ee.influences.models import Influence
@@ -36,8 +36,13 @@ def add(request, character_id=None):
 
     f = InfluenceForm(request=request, initial=initial)
     if (f.is_valid()):
-        influence = f.save()
-        return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+        influence = f.save(commit=False)
+        if (influence.character.player == request.user):
+                influence.save()
+                return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+        else:
+                # TODO: Make this a bit more pretty. Perhaps throw an exception here and add some middleware to catch it?
+                return HttpResponseForbidden("Forbidden -- Trying to submit influence for somebody else's character")
      
     # Only allow characters of the current user
     f.fields['character']._set_queryset(chars)
@@ -72,3 +77,5 @@ def character_detail(*args, **kwargs):
 @login_required
 def influence_detail(*args, **kwargs):
     return object_detail(*args, **kwargs)
+
+# vim: set sts=4 sw=4 expandtab: