Commit ac7e5779c0b176bc0ad23a4ee332e468109aab99
1 parent
3a60e9f9
Exists in
master
and in
39 other branches
Only allowing user to edit his own profile
Showing
2 changed files
with
7 additions
and
0 deletions
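--- a/src/accounts/views.py
+++ b/src/accounts/views.py
@@ -8,6 +8,7 @@ from django.views.generic import DetailView, UpdateView
 from django.utils.translation import ugettext as _
 from django.shortcuts import render, redirect
 from django.core.urlresolvers import reverse
+from django.core.exceptions import PermissionDenied
 
 from colab.deprecated import solrutils
 from colab.deprecated import signup as signup_
@@ -30,7 +31,12 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView):
 def get_success_url(self):
 return reverse('user_profile', kwargs={'username': self.object.username})
 
+ def get_object(self, *args, **kwargs):
+ obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs)
+ if self.request.user != obj:
+ raise PermissionDenied
 
+ return obj
 
 class UserProfileDetailView(UserProfileBaseMixin, DetailView):
 template_name = 'accounts/user_detail.html'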
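Review bot: The ownership check in `get_object` compares `self.request.user` with `obj` as whole objects, and the commit ships this authorization rule without a test (the two changed files are the view and the settings). Comparing keys, `if self.request.user.pk != obj.pk:`, states the intent directly and does not depend on how the request's user wrapper implements `!=`; whether that matters depends on the Django version in use, which is not visible here. An anonymous visitor also ends in `PermissionDenied` (a 403) rather than a redirect to `LOGIN_URL`, unless a login check is applied where the view is routed, which this section does not show. A comment above the check, such as `# Only the profile owner may edit; anyone else gets a 403.`, would record the rule for the next maintainer.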
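--- a/src/colab/custom_settings.py
+++ b/src/colab/custom_settings.py
@@ -181,6 +181,7 @@ FEEDZILLA_SITE_DESCRIPTION = gettext(u'Colab blog aggregator')
 ### BrowserID / Persona
 SITE_URL = 'https://colab.interlegis.leg.br'
 
+LOGIN_URL = '/'
 LOGIN_REDIRECT_URL = '/'
 LOGIN_REDIRECT_URL_FAILURE = '/'
 LOGOUT_REDIRECT_URL = '/'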
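Review bot: `LOGIN_URL = '/'` is added without a comment, and nothing else in this commit visibly reads it, so its link to the profile-edit restriction is left for the reader to guess. If it exists so that login-required redirects land on the home page, where sign-in is presumably offered, a line such as `# No separate login page; unauthenticated users are sent to the home page.` would say so. It is also worth confirming that the home page handles the `next` parameter such a redirect appends, since that handling is not part of this section.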