Commit ac7e5779c0b176bc0ad23a4ee332e468109aab99
1 parent
3a60e9f9
Exists in
master
and in
39 other branches
Only allowing user to edit his own profile
Showing
2 changed files
with
7 additions
and
0 deletions
Show diff stats
src/accounts/views.py
| ... | ... | @@ -8,6 +8,7 @@ from django.views.generic import DetailView, UpdateView |
| 8 | 8 | from django.utils.translation import ugettext as _ |
| 9 | 9 | from django.shortcuts import render, redirect |
| 10 | 10 | from django.core.urlresolvers import reverse |
| 11 | +from django.core.exceptions import PermissionDenied | |
| 11 | 12 | |
| 12 | 13 | from colab.deprecated import solrutils |
| 13 | 14 | from colab.deprecated import signup as signup_ |
| ... | ... | @@ -30,7 +31,12 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView): |
| 30 | 31 | def get_success_url(self): |
| 31 | 32 | return reverse('user_profile', kwargs={'username': self.object.username}) |
| 32 | 33 | |
| 34 | + def get_object(self, *args, **kwargs): | |
| 35 | + obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs) | |
| 36 | + if self.request.user != obj: | |
| 37 | + raise PermissionDenied | |
| 33 | 38 | |
| 39 | + return obj | |
| 34 | 40 | |
| 35 | 41 | class UserProfileDetailView(UserProfileBaseMixin, DetailView): |
| 36 | 42 | template_name = 'accounts/user_detail.html' | ... | ... |
src/colab/custom_settings.py
| ... | ... | @@ -181,6 +181,7 @@ FEEDZILLA_SITE_DESCRIPTION = gettext(u'Colab blog aggregator') |
| 181 | 181 | ### BrowserID / Persona |
| 182 | 182 | SITE_URL = 'https://colab.interlegis.leg.br' |
| 183 | 183 | |
| 184 | +LOGIN_URL = '/' | |
| 184 | 185 | LOGIN_REDIRECT_URL = '/' |
| 185 | 186 | LOGIN_REDIRECT_URL_FAILURE = '/' |
| 186 | 187 | LOGOUT_REDIRECT_URL = '/' | ... | ... |