From 56cc5632de11c20e8a9fb6bc60c8f06ce40604c8 Mon Sep 17 00:00:00 2001 From: Felipe Henrique de Almeida Bormann Date: Mon, 23 Jan 2017 13:27:29 -0300 Subject: [PATCH] made right procedure on redirecting not allowed user on update subject view --- subjects/views.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/subjects/views.py b/subjects/views.py index f73125d..07aa354 100644 --- a/subjects/views.py +++ b/subjects/views.py @@ -1,5 +1,5 @@ -from django.shortcuts import render, get_object_or_404 +from django.shortcuts import render, get_object_or_404, redirect from django.views.generic import ListView, CreateView, DeleteView, UpdateView, TemplateView, DetailView from categories.models import Category from django.core.urlresolvers import reverse_lazy @@ -247,6 +247,28 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView): login_url = reverse_lazy("users:login") redirect_field_name = 'next' + def dispatch(self, request, *args, **kwargs): + user = self.request.user + subject = get_object_or_404(Subject, slug = kwargs['slug']) + + if not user.is_staff: + if not user in subject.professor.all() and not user in subject.category.coordinators.all(): + + if request.META.get('HTTP_REFERER'): + return HttpResponseRedirect(request.META.get('HTTP_REFERER')) + else: + + return redirect('subjects:index') + + + + + if request.method.lower() in self.http_method_names: + handler = getattr(self, request.method.lower(), self.http_method_not_allowed) + else: + handler = self.http_method_not_allowed + return handler(request, *args, **kwargs) + def get_context_data(self, **kwargs): context = super(SubjectUpdateView, self).get_context_data(**kwargs) context['title'] = _('Update Subject') -- libgit2 0.21.2