From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Sat, 9 Feb 2008 22:59:14 +0000 (+0100)
Subject:  * Don't allow people to view each other's influences and characters.
X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fprojects%2Fxerxes.git;a=commitdiff_plain;h=1d73f73f278e35bc1717376a7796ca1643d642b2

 * Don't allow people to view each other's influences and characters.
---

diff --git a/influences/views.py b/influences/views.py
index ba8e280..3ff3ca8 100644
--- a/influences/views.py
+++ b/influences/views.py
@@ -74,11 +74,15 @@ def character_list(request):
 @login_required
 def character_detail(request, object_id):
     o = Character.objects.get(pk=object_id)
+    if (o.player != request.user):
+        return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
     return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
 
 @login_required
 def influence_detail(request, object_id):
     o = Influence.objects.get(pk=object_id)
+    if (o.character.player != request.user):
+        return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
     return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request))
 
 # vim: set sts=4 sw=4 expandtab: