From 1d73f73f278e35bc1717376a7796ca1643d642b2 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Sat, 9 Feb 2008 23:59:14 +0100 Subject: [PATCH] * Don't allow people to view each other's influences and characters. --- influences/views.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/influences/views.py b/influences/views.py index ba8e280..3ff3ca8 100644 --- a/influences/views.py +++ b/influences/views.py @@ -74,11 +74,15 @@ def character_list(request): @login_required def character_detail(request, object_id): o = Character.objects.get(pk=object_id) + if (o.player != request.user): + return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character") return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request)) @login_required def influence_detail(request, object_id): o = Influence.objects.get(pk=object_id) + if (o.character.player != request.user): + return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character") return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request)) # vim: set sts=4 sw=4 expandtab: -- 2.30.2