from django.views.decorators.http import require_POST
from django.shortcuts import get_object_or_404, render
-from catalogue.models import Document, Template
+from catalogue.models import Document, Template, Category
from dvcs.models import Revision
import nice_diff
from wiki import forms
@never_cache
def editor(request, pk, template_name='wiki/bootstrap.html'):
doc = get_object_or_404(Document, pk=pk, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave")
text = doc.materialize()
"text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
"text_publish": forms.DocumentTextPublishForm(prefix="textpublish"),
},
+ 'tag_categories': Category.objects.all(),
'pk': doc.pk,
})
@decorator_from_middleware(GZipMiddleware)
def text(request, doc_id):
doc = get_object_or_404(Document, pk=doc_id, deleted=False)
- # if not doc.book.accessible(request):
- # return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
if form.is_valid():
if request.user.is_authenticated():
# else:
# parent = None
stage = form.cleaned_data['stage']
- # tags = [stage] if stage else []
- # publishable = (form.cleaned_data['publishable'] and
- # request.user.has_perm('catalogue.can_pubmark'))
try:
doc.commit(
author=author,
form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
if form.is_valid():
doc = get_object_or_404(Document, pk=doc_id, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])
comment = form.cleaned_data['comment']