X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=influences%2Fviews.py;h=e741605e9acad8e94efb4f96552c1ea2daa85c0f;hb=1cd59e8549989819ba961a440edd0fafd662d1a9;hp=35ee02ef921227f8faf626fb355ad031c8422440;hpb=6ddbd39b9bfb49ffeb8e444b3cbe23a378cd36f2;p=matthijs%2Fprojects%2Fxerxes.git

diff --git a/influences/views.py b/influences/views.py
index 35ee02e..e741605 100644
--- a/influences/views.py
+++ b/influences/views.py
@@ -24,9 +24,9 @@ def add_influence(request, character_id=None):
     # If a character_id was specified in the url, or there is only one
     # character, preselect it.
     if (character_id):
-        initial['character'] = character_id
+        initial['initiator'] = character_id
     elif (chars.count() == 1):
-        initial['character'] = chars[0].id
+        initial['initiator'] = chars[0].id
 
 
     f = InfluenceForm(request=request, initial=initial)
@@ -34,7 +34,7 @@ def add_influence(request, character_id=None):
     # Only allow characters of the current user. Putting this here also
     # ensures that a form will not validate when any other choice was
     # selected (perhaps through URL crafting).
-    f.fields['character']._set_queryset(chars)
+    f.fields['initiator']._set_queryset(chars)
 
     if (f.is_valid()):
         # The form was submitted, let's save it.
@@ -59,7 +59,7 @@ def add_character(request):
 def index(request):
     # Only show this player's characters and influences
     characters = request.user.character_set.all()
-    influences = Influence.objects.filter(character__player=request.user)
+    influences = Influence.objects.filter(initiator__player=request.user)
     return render_to_response('influences/index.html', {'characters' : characters, 'influences' : influences}, RequestContext(request))
 
 #
@@ -79,14 +79,14 @@ def character_list(request):
 def character_detail(request, object_id):
     o = Character.objects.get(pk=object_id)
     # Don't show other player's characters
-    if (o.player != request.user):
+    if (not request.user.is_staff and o.player != request.user):
         return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
     return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
 
 @login_required
 def influence_list(request):
     # Only show this player's influences
-    os = Influence.objects.filter(character__player=request.user)
+    os = Influence.objects.filter(initiator__player=request.user)
     return render_to_response('influences/influence_list.html', {'object_list' : os}, RequestContext(request))
 
 def influence_comment_preview(request, context_processors, extra_context, **kwargs):
@@ -101,8 +101,8 @@ def influence_detail(request, object_id):
 
     o = Influence.objects.get(pk=object_id)
     # Don't show other player's influences
-    if (o.character.player != request.user):
-        return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
+    if (not request.user.is_staff and not request.user in o.related_players):
+        return HttpResponseForbidden("Forbidden -- Trying to view influences you are not involved in.")
 
     # Show all comments to staff, but only public comments to other
     # users