Commit ac7e5779c0b176bc0ad23a4ee332e468109aab99

Authored by Sergio Oliveira
1 parent 3a60e9f9

Only allowing user to edit his own profile

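--- a/src/accounts/views.py
+++ b/src/accounts/views.py
@@ -8,6 +8,7 @@ from django.views.generic import DetailView, UpdateView
 from django.utils.translation import ugettext as _
 from django.shortcuts import render, redirect
 from django.core.urlresolvers import reverse
+from django.core.exceptions import PermissionDenied
 
 from colab.deprecated import solrutils
 from colab.deprecated import signup as signup_
@@ -30,7 +31,12 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView):
 def get_success_url(self):
 return reverse('user_profile', kwargs={'username': self.object.username})
 
+ def get_object(self, *args, **kwargs):
+ obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs)
+ if self.request.user != obj:
+ raise PermissionDenied
 
+ return obj
 
 class UserProfileDetailView(UserProfileBaseMixin, DetailView):
 template_name = 'accounts/user_detail.html'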
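Review bot: In `get_object`, the ownership test `self.request.user != obj` also fires for anonymous visitors, so an unauthenticated request gets a 403 instead of a login redirect; nothing in this section requires authentication before the object is fetched, and the `LOGIN_URL = '/'` added in custom_settings.py only matters if something such as `login_required` (on `dispatch` or in the URLconf, not visible here) actually redirects. Comparing keys, `if self.request.user.pk != obj.pk:`, would make the decision explicit rather than relying on how the lazy request user proxies comparison. A docstring such as `"""Return the profile only if it belongs to the requesting user; raise PermissionDenied otherwise."""` would mark this method as the view's authorization point, and a regression test that requests another user's edit URL and expects 403 would keep the check from being lost. The class header and `UserProfileBaseMixin` are outside the hunk, so which lookup the parent `get_object` performs cannot be confirmed from here.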
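--- a/src/colab/custom_settings.py
+++ b/src/colab/custom_settings.py
@@ -181,6 +181,7 @@ FEEDZILLA_SITE_DESCRIPTION = gettext(u'Colab blog aggregator')
 ### BrowserID / Persona
 SITE_URL = 'https://colab.interlegis.leg.br'
 
+LOGIN_URL = '/'
 LOGIN_REDIRECT_URL = '/'
 LOGIN_REDIRECT_URL_FAILURE = '/'
 LOGOUT_REDIRECT_URL = '/'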