* Don't allow people to view each other's influences and characters.

diff --git a/influences/views.py b/influences/views.py
index ba8e280aaa0a2bf177fe4af2e062d17e65f98d5a..3ff3ca83f8e5e2aece4d80fbabd19d6d9df9e2e7 100644 (file)
--- a/influences/views.py
+++ b/influences/views.py
@@ -74,11 +74,15 @@ def character_list(request):
 @login_required
 def character_detail(request, object_id):
     o = Character.objects.get(pk=object_id)
+    if (o.player != request.user):
+        return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
     return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
 
 @login_required
 def influence_detail(request, object_id):
     o = Influence.objects.get(pk=object_id)
+    if (o.character.player != request.user):
+        return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
     return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request))
 
 # vim: set sts=4 sw=4 expandtab: