Download as
Browse Code »

Commit e853ea40c266d8a017bf0ae1d7936aaaabfc2e0e

Authored by Sergio Oliveira
1 parent 2d2122c8
Exists in master and in 39 other branches 1.12.x, add_requests_as_dep, celery_service, change-passwd-signal, check-port, colab-signals, colab-vcard, colab_search, colab_tag, colab_tag_merge, community_association, detach_super_archives, fix-dashboard, fix-message-preview, fix_app_label, fix_cache_count_spb, fix_header, fixed_gitlab_import, go_to_profile_panel, header_footer, layout-fix, mobile_user_scalable, move_out_plugins, paginate-threads, profile_integration, refactor-data-import, remove-gitlab-plugin, removing_namespace, search_block, search_filters, spb-release/3.0, split_screen, stable, startplugin, timestamp_plugins, translation_review, user_regex, validate-passwd, workin_whoosh_temp

Not allowing editing mailing list if not logged

Showing 1 changed file with 8 additions and 0 deletions   Show diff stats
src/accounts/views.py
  Diff comments   View file @e853ea4
@@ -129,6 +129,14 @@ class ManageUserSubscriptionsView(UserProfileBaseMixin, DetailView): @@ -129,6 +129,14 @@ class ManageUserSubscriptionsView(UserProfileBaseMixin, DetailView):
129 http_method_names = [u'get', u'post'] 129 http_method_names = [u'get', u'post']
130 template_name = u'accounts/manage_subscriptions.html' 130 template_name = u'accounts/manage_subscriptions.html'
131 131
  132 + def get_object(self, *args, **kwargs):
  133 + obj = super(ManageUserSubscriptionsView, self).get_object(*args,
  134 + **kwargs)
  135 + if self.request.user != obj and not self.request.user.is_superuser:
  136 + raise PermissionDenied
  137 +
  138 + return obj
  139 +
132 def post(self, request, *args, **kwargs): 140 def post(self, request, *args, **kwargs):
133 user = self.get_object() 141 user = self.get_object()
134 for email in user.emails.values_list('address', flat=True): 142 for email in user.emails.values_list('address', flat=True):