From ac7e5779c0b176bc0ad23a4ee332e468109aab99 Mon Sep 17 00:00:00 2001
From: Sergio Oliveira
Date: Tue, 8 Oct 2013 18:40:38 -0300
Subject: [PATCH] Only allowing user to edit his own profile
---
 src/accounts/views.py | 6 ++++++
 src/colab/custom_settings.py | 1 +
 2 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/accounts/views.py b/src/accounts/views.py
index b06c579..51ad4db 100644
--- a/src/accounts/views.py
+++ b/src/accounts/views.py
@@ -8,6 +8,7 @@ from django.views.generic import DetailView, UpdateView
 from django.utils.translation import ugettext as _
 from django.shortcuts import render, redirect
 from django.core.urlresolvers import reverse
+from django.core.exceptions import PermissionDenied
 from colab.deprecated import solrutils
 from colab.deprecated import signup as signup_
@@ -30,7 +31,12 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView):
 def get_success_url(self):
 return reverse('user_profile', kwargs={'username': self.object.username})
+ def get_object(self, *args, **kwargs):
+ obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs)
+ if self.request.user != obj:
+ raise PermissionDenied
+ return obj
 class UserProfileDetailView(UserProfileBaseMixin, DetailView):
 template_name = 'accounts/user_detail.html'
diff --git a/src/colab/custom_settings.py b/src/colab/custom_settings.py
index e861472..801fec9 100644
--- a/src/colab/custom_settings.py
+++ b/src/colab/custom_settings.py
@@ -181,6 +181,7 @@ FEEDZILLA_SITE_DESCRIPTION = gettext(u'Colab blog aggregator')
 ### BrowserID / Persona
 SITE_URL = 'https://colab.interlegis.leg.br'
+LOGIN_URL = '/'
 LOGIN_REDIRECT_URL = '/'
 LOGIN_REDIRECT_URL_FAILURE = '/'
 LOGOUT_REDIRECT_URL = '/'
--
libgit2 0.21.2
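Review bot: In `get_object` (src/accounts/views.py) the ownership test `self.request.user != obj` compares what is normally a lazy wrapper around the request user with a model instance; comparing keys, `if self.request.user.pk != obj.pk:`, states the rule directly and does not depend on how that wrapper forwards `!=`. An unauthenticated visitor is answered with 403 here rather than sent to the `LOGIN_URL` this commit adds, unless a login requirement is applied where the view is routed, which the patch does not show. A one-line docstring such as `"""Return the profile being edited; raise PermissionDenied unless it belongs to the requesting user."""` would mark this override as the view's authorization point. The class body starts outside the hunk, so whether the update form restricts its fields to profile data cannot be confirmed from here.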