From ff9a207bfb9264f9c4e55ccc0546174e09b9c942 Mon Sep 17 00:00:00 2001
From: "Bc. Petr Pecha"
Date: Thu, 25 Aug 2016 12:08:07 +0200
Subject: [PATCH] korektury | prirazeni autora podle prihlaseni kdyz prihlaseny neni organizator vrati 403
---
 korektury/views.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/korektury/views.py b/korektury/views.py
index d6d126e4..50636831 100644
--- a/korektury/views.py
+++ b/korektury/views.py
@@ -3,8 +3,9 @@ from django.shortcuts import get_object_or_404, render
 from django.views import generic
 from django.utils.translation import ugettext as _
 from django.conf import settings
+from django.http import HttpResponseForbidden
-from .models import Oprava,Komentar,KorekturovanePDF
+from .models import Oprava,Komentar,KorekturovanePDF, Organizator
 from .forms import OpravaForm
 import subprocess
@@ -29,14 +30,17 @@ class KorekturyView(generic.TemplateView):
 form = self.form_class(request.POST)
 q = request.POST
 scroll = q.get('scroll')
- autor = q.get('au')
+ # prirazeni autora podle prihlaseni
+ autor_user = request.user
+ # pokud existuje ucet (user), ale neni to organizator = 403
+ autor = Organizator.objects.filter(user=autor_user).first()
 if not autor:
- autor = 'anonym'
+ return HttpResponseForbidden()
+
 if not scroll:
 scroll = 0
-
 action = q.get('action')
 if (action == u''): # Přidej
 x = int(q.get('x'))
@@ -141,6 +145,7 @@ class KorekturyView(generic.TemplateView):
 context['opravy'] = opravy
 context['zasluhy'] = zasluhy
 return context
+
 def form_valid(self,form):
 return super(KorekturyView,self).form_valid(form)
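Review bot: The lookup `Organizator.objects.filter(user=autor_user)` in the second hunk runs on `request.user` without first checking that the request is authenticated. Nothing visible here shows the view being login-protected, and for an anonymous visitor `request.user` is Django's `AnonymousUser`, which is not a model instance, so the filter may raise and produce a server error instead of reaching the 403 branch. A guard ahead of the query would make the denial explicit: `if not request.user.is_authenticated: return HttpResponseForbidden()` (written as a call, `is_authenticated()`, on Django releases before 1.10). `autor` also changes from a POST string to an `Organizator` instance, so the code that stores it later in this method should be checked to accept the object; that code is outside the hunk, as the method begins and ends beyond it.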