Commit ac7e5779c0b176bc0ad23a4ee332e468109aab99

Authored by Sergio Oliveira
1 parent 3a60e9f9

Only allowing user to edit his own profile

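--- a/src/accounts/views.py
+++ b/src/accounts/views.py
@@ -8,6 +8,7 @@ from django.views.generic import DetailView, UpdateView
 from django.utils.translation import ugettext as _
 from django.shortcuts import render, redirect
 from django.core.urlresolvers import reverse
+from django.core.exceptions import PermissionDenied
 
 from colab.deprecated import solrutils
 from colab.deprecated import signup as signup_
@@ -30,7 +31,12 @@ class UserProfileUpdateView(UserProfileBaseMixin, UpdateView):
 def get_success_url(self):
 return reverse('user_profile', kwargs={'username': self.object.username})
 
+ def get_object(self, *args, **kwargs):
+ obj = super(UserProfileUpdateView, self).get_object(*args, **kwargs)
+ if self.request.user != obj:
+ raise PermissionDenied
 
+ return obj
 
 class UserProfileDetailView(UserProfileBaseMixin, DetailView):
 template_name = 'accounts/user_detail.html'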
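--- a/src/colab/custom_settings.py
+++ b/src/colab/custom_settings.py
@@ -181,6 +181,7 @@ FEEDZILLA_SITE_DESCRIPTION = gettext(u'Colab blog aggregator')
 ### BrowserID / Persona
 SITE_URL = 'https://colab.interlegis.leg.br'
 
+LOGIN_URL = '/'
 LOGIN_REDIRECT_URL = '/'
 LOGIN_REDIRECT_URL_FAILURE = '/'
 LOGOUT_REDIRECT_URL = '/'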