@never_cache
def editor(request, pk, template_name='wiki/bootstrap.html'):
doc = get_object_or_404(Document, pk=pk, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave")
text = doc.materialize()
'revision': revision.pk,
'stage': doc.stage,
'stage_name': doc.stage_name(),
- 'assignment': str(doc.assigned_to),
+ 'assignment': doc.assigned_to.username if doc.assigned_to else None,
}),
'serialized_templates': json.dumps([
{'id': t.id, 'name': t.name, 'content': t.content} for t in Template.objects.filter(is_partial=True)
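Review bot: The `json.dumps(...)` values assembled here carry user-controlled text (template `name` and `content`, and now `assigned_to.username`), and `json.dumps` does not escape `<`, `>` or `&`. How `wiki/bootstrap.html` renders them is not visible in this hunk; if they are written into an inline `<script>` or marked safe, a `</script>` sequence in a template's content would end the script block. Confirm that the template escapes these values, or escape `<`, `>` and `&` as `\u003C`, `\u003E` and `\u0026` in the serialized strings before they reach it. The enclosing dictionary starts and ends outside the hunk.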
@decorator_from_middleware(GZipMiddleware)
def text(request, doc_id):
doc = get_object_or_404(Document, pk=doc_id, deleted=False)
- # if not doc.book.accessible(request):
- # return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
if form.is_valid():
if request.user.is_authenticated():
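Review bot: The `can_edit` check is added only inside the `request.method == 'POST'` branch, while the commented-out `doc.book.accessible(request)` check is deleted, so nothing visible in this hunk restricts who can read a document's text on the non-POST path. If documents are not meant to be readable by everyone, a read-access check belongs before the method dispatch; if they are, a comment such as `# reading is public; only saving requires can_edit` would record that it is deliberate. `can_edit(request.user)` also now runs before the `request.user.is_authenticated()` test, so it has to cope with an anonymous user. The rest of text() lies outside the hunk.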
from traceback import print_exc
print_exc()
raise
- # revision = doc.revision()
return JSONResponse({
'text': None, # doc.materialize() if parent_revision != revision else None,
- # 'version': revision,
+ 'version': len(get_history(doc)),
'stage': doc.stage,
'stage_name': doc.stage_name(),
'assignment': doc.assigned_to.username if doc.assigned_to else None
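Review bot: `'version': len(get_history(doc))` derives the version by counting the history after the save, and the same expression is repeated in the revert response. `get_history` is not visible here; if it returns a queryset, `len()` loads every history row just to count them, and `.count()` would be cheaper. Because the count is read separately from the save, two concurrent saves may report a version that does not correspond to the revision each request created. If the client uses this for conflict detection, return the identifier of the revision just written. The `stage` / `stage_name` / `assignment` keys are now built identically in three places and could come from one small helper.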
form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
if form.is_valid():
doc = get_object_or_404(Document, pk=doc_id, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])
comment = form.cleaned_data['comment']
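Review bot: `rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])` looks the revision up by primary key alone, so the new `can_edit` check on `doc` does not establish that the submitted revision belongs to `doc`. Unless code outside this hunk verifies that, the revert could apply a revision from a different document than the one the user is authorized to edit. Restrict the lookup to this document's revisions by adding a filter to the `get_object_or_404` call; the field linking Revision to Document is not visible here. The check would also sit better before `form.is_valid()`, as in the save branch, so that an unauthorized request gets the 403 rather than form-validation output.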
)
return JSONResponse({
- # 'document': None, #doc.materialize() if before != doc.revision else None,
- # 'version': doc.revision(),
+ 'document': doc.materialize(),
+ 'version': len(get_history(doc)),
+ 'stage': doc.stage,
+ 'stage_name': doc.stage_name(),
+ 'assignment': doc.assigned_to.username if doc.assigned_to else None,
})
else:
return JSONFormInvalid(form)