X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=influences%2Fviews.py;h=51cfb495692fb9b6c6b71671eed1a0c10fe00206;hb=483829feb4f219b31afebaf1d5f7136dfcc05a18;hp=6c4865340264b5654a64a09d43d537160d7516ba;hpb=2984c52e602c1ced45bc4172182d826c64ef1240;p=matthijs%2Fprojects%2Fxerxes.git

diff --git a/influences/views.py b/influences/views.py
index 6c48653..51cfb49 100644
--- a/influences/views.py
+++ b/influences/views.py
@@ -5,7 +5,8 @@ from django.template import RequestContext
 from django.utils.translation import ugettext as _
 from django.contrib.auth.models import User
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseForbidden
+from django.views.generic.list_detail import object_detail, object_list
 from ee.influences.models import Character
 from ee.influences.models import Influence
 from ee.tools.forms import ContextModelForm
@@ -35,8 +36,13 @@ def add(request, character_id=None):
 
     f = InfluenceForm(request=request, initial=initial)
     if (f.is_valid()):
-        influence = f.save()
-        return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+        influence = f.save(commit=False)
+	if (influence.character.player == request.user):
+		influence.save()
+		return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+	else:
+		# TODO: Make this a bit more pretty. Perhaps throw an exception here and add some middleware to catch it?
+		return HttpResponseForbidden("Forbidden -- Trying to submit influence for somebody else's character")
      
     # Only allow characters of the current user
     f.fields['character']._set_queryset(chars)
@@ -59,3 +65,15 @@ def index(request):
     characters = request.user.character_set.all()
     influences = Influence.objects.filter(character__in=characters)
     return render_to_response('influences/index.html', {'characters' : characters, 'influences' : influences}, RequestContext(request))
+
+@login_required
+def character_list(*args, **kwargs):
+    return object_list(*args, **kwargs)
+
+@login_required
+def character_detail(*args, **kwargs):
+    return object_detail(*args, **kwargs)
+
+@login_required
+def influence_detail(*args, **kwargs):
+    return object_detail(*args, **kwargs)