projects
/
matthijs
/
projects
/
xerxes.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d482d83
)
* Don't allow people to view each other's influences and characters.
author
Matthijs Kooijman
<matthijs@stdin.nl>
Sat, 9 Feb 2008 22:59:14 +0000
(23:59 +0100)
committer
Matthijs Kooijman
<matthijs@stdin.nl>
Sat, 9 Feb 2008 22:59:14 +0000
(23:59 +0100)
influences/views.py
patch
|
blob
|
history
diff --git
a/influences/views.py
b/influences/views.py
index ba8e280aaa0a2bf177fe4af2e062d17e65f98d5a..3ff3ca83f8e5e2aece4d80fbabd19d6d9df9e2e7 100644
(file)
--- a/
influences/views.py
+++ b/
influences/views.py
@@
-74,11
+74,15
@@
def character_list(request):
@login_required
def character_detail(request, object_id):
o = Character.objects.get(pk=object_id)
@login_required
def character_detail(request, object_id):
o = Character.objects.get(pk=object_id)
+ if (o.player != request.user):
+ return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
@login_required
def influence_detail(request, object_id):
o = Influence.objects.get(pk=object_id)
return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
@login_required
def influence_detail(request, object_id):
o = Influence.objects.get(pk=object_id)
+ if (o.character.player != request.user):
+ return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request))
# vim: set sts=4 sw=4 expandtab:
return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request))
# vim: set sts=4 sw=4 expandtab: