administrative cleanup
[redakcja.git] / apps / wiki / views.py
index e32d975..6a5f2ac 100644 (file)
@@ -55,6 +55,8 @@ def get_history(document):
 @never_cache
 def editor(request, pk, template_name='wiki/bootstrap.html'):
     doc = get_object_or_404(Document, pk=pk, deleted=False)
+    if not doc.can_edit(request.user):
+        return HttpResponseForbidden("Not authorized.")
 
     save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave")
     text = doc.materialize()
@@ -70,7 +72,7 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
             'revision': revision.pk,
             'stage': doc.stage,
             'stage_name': doc.stage_name(),
-            'assignment': str(doc.assigned_to),
+            'assignment': doc.assigned_to.username if doc.assigned_to else None,
         }),
         'serialized_templates': json.dumps([
             {'id': t.id, 'name': t.name, 'content': t.content} for t in Template.objects.filter(is_partial=True)
@@ -88,10 +90,10 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
 @decorator_from_middleware(GZipMiddleware)
 def text(request, doc_id):
     doc = get_object_or_404(Document, pk=doc_id, deleted=False)
-    # if not doc.book.accessible(request):
-    #     return HttpResponseForbidden("Not authorized.")
 
     if request.method == 'POST':
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
         if form.is_valid():
             if request.user.is_authenticated():
@@ -121,10 +123,9 @@ def text(request, doc_id):
                 from traceback import print_exc
                 print_exc()
                 raise
-            # revision = doc.revision()
             return JSONResponse({
                 'text': None,  # doc.materialize() if parent_revision != revision else None,
-                # 'version': revision,
+                'version': len(get_history(doc)),
                 'stage': doc.stage,
                 'stage_name': doc.stage_name(),
                 'assignment': doc.assigned_to.username if doc.assigned_to else None
@@ -157,6 +158,8 @@ def revert(request, doc_id):
     form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
     if form.is_valid():
         doc = get_object_or_404(Document, pk=doc_id, deleted=False)
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])
 
         comment = form.cleaned_data['comment']
@@ -179,8 +182,11 @@ def revert(request, doc_id):
         )
 
         return JSONResponse({
-            # 'document': None, #doc.materialize() if before != doc.revision else None,
-            # 'version': doc.revision(),
+            'document': doc.materialize(),
+            'version': len(get_history(doc)),
+            'stage': doc.stage,
+            'stage_name': doc.stage_name(),
+            'assignment': doc.assigned_to.username if doc.assigned_to else None,
         })
     else:
         return JSONFormInvalid(form)