From ff9a207bfb9264f9c4e55ccc0546174e09b9c942 Mon Sep 17 00:00:00 2001
From: "Bc. Petr Pecha" <nejlepsitextovyeditorjevim@gmail.com>
Date: Thu, 25 Aug 2016 12:08:07 +0200
Subject: [PATCH] korektury | prirazeni autora podle prihlaseni

kdyz prihlaseny neni organizator vrati 403
---
 korektury/views.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/korektury/views.py b/korektury/views.py
index d6d126e4..50636831 100644
--- a/korektury/views.py
+++ b/korektury/views.py
@@ -3,8 +3,9 @@ from django.shortcuts import get_object_or_404, render
 from django.views import generic
 from django.utils.translation import ugettext as _
 from django.conf import settings
+from django.http import HttpResponseForbidden
 
-from .models import Oprava,Komentar,KorekturovanePDF
+from .models import Oprava,Komentar,KorekturovanePDF, Organizator
 from .forms import OpravaForm
 
 import subprocess
@@ -29,14 +30,17 @@ class KorekturyView(generic.TemplateView):
         form = self.form_class(request.POST)
         q = request.POST
         scroll = q.get('scroll')
-        autor = q.get('au')
 
+        # prirazeni autora podle prihlaseni
+        autor_user = request.user
+        # pokud existuje ucet (user), ale neni to organizator = 403
+        autor = Organizator.objects.filter(user=autor_user).first()
         if not autor:
-            autor = 'anonym'
+            return HttpResponseForbidden()
+
         if not scroll:
             scroll = 0
 
-
         action = q.get('action')
         if (action == u''):  # Přidej
             x = int(q.get('x'))
@@ -141,6 +145,7 @@ class KorekturyView(generic.TemplateView):
         context['opravy'] = opravy
         context['zasluhy'] = zasluhy
         return context
+
     def form_valid(self,form):
         return super(KorekturyView,self).form_valid(form)