| side by side (parent:
219a8c8
)
* Disallow adding influences for other users' characters.
author
Matthijs Kooijman
<matthijs@stdio.flexvps.nl>
Fri, 8 Feb 2008 22:22:43 +0000
(23:22 +0100)
committer
Matthijs Kooijman
<matthijs@stdio.flexvps.nl>
Fri, 8 Feb 2008 22:22:43 +0000
(23:22 +0100)
influences/views.py
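--- a/influences/views.py
+++ b/influences/views.py
@@ -5,7 +5,7 @@ from django.template import RequestContext
 from django.utils.translation import ugettext as _
 from django.contrib.auth.models import User
 from django.core.urlresolvers import reverse
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseForbidden
 from django.views.generic.list_detail import object_detail, object_list
 from ee.influences.models import Character
 from ee.influences.models import Influence
@@ -36,8 +36,13 @@ def add(request, character_id=None):
 f = InfluenceForm(request=request, initial=initial)
 if (f.is_valid()):
- influence = f.save()
- return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+ influence = f.save(commit=False)
+ if (influence.character.player == request.user):
+ influence.save()
+ return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+ else:
+ # TODO: Make this a bit more pretty. Perhaps throw an exception here and add some middleware to catch it?
+ return HttpResponseForbidden("Forbidden -- Trying to submit influence for somebody else's character")
 # Only allow characters of the current user
 f.fields['character']._set_queryset(chars)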
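Review bot: The ownership check in `add()` runs only after `f.is_valid()`, and the restriction `f.fields['character']._set_queryset(chars)` in the trailing context appears to be applied after validation, so the form itself still accepts any character id and this view-level comparison is the only gate. Applying that restriction before `f.is_valid()` (assuming `chars` is already defined at that point, which lies outside the hunk) would make the form reject other users' characters with an ordinary validation error, with the explicit `influence.character.player == request.user` check kept as a second layer. For the TODO, Django's `django.core.exceptions.PermissionDenied` is already turned into a 403 response by the request handler, so `raise PermissionDenied` would replace the hand-built `HttpResponseForbidden` without new middleware. The body of `add()` starts and ends outside the hunk, so any other path that saves an influence should be checked for the same ownership test.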