X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/6c42fa79857901ddc1c7044d4478f52a6b454014..03ac012472fcaa2c0d8011ff8e71a2d861d75575:/apps/wiki/views.py

diff --git a/apps/wiki/views.py b/apps/wiki/views.py
index 5128b569..6a5f2ac5 100644
--- a/apps/wiki/views.py
+++ b/apps/wiki/views.py
@@ -55,6 +55,8 @@ def get_history(document):
 @never_cache
 def editor(request, pk, template_name='wiki/bootstrap.html'):
     doc = get_object_or_404(Document, pk=pk, deleted=False)
+    if not doc.can_edit(request.user):
+        return HttpResponseForbidden("Not authorized.")
 
     save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave")
     text = doc.materialize()
@@ -69,7 +71,8 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
             'version': len(history),
             'revision': revision.pk,
             'stage': doc.stage,
-            'assignment': str(doc.assigned_to),
+            'stage_name': doc.stage_name(),
+            'assignment': doc.assigned_to.username if doc.assigned_to else None,
         }),
         'serialized_templates': json.dumps([
             {'id': t.id, 'name': t.name, 'content': t.content} for t in Template.objects.filter(is_partial=True)
@@ -87,10 +90,10 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
 @decorator_from_middleware(GZipMiddleware)
 def text(request, doc_id):
     doc = get_object_or_404(Document, pk=doc_id, deleted=False)
-    # if not doc.book.accessible(request):
-    #     return HttpResponseForbidden("Not authorized.")
 
     if request.method == 'POST':
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
         if form.is_valid():
             if request.user.is_authenticated():
@@ -120,11 +123,11 @@ def text(request, doc_id):
                 from traceback import print_exc
                 print_exc()
                 raise
-            # revision = doc.revision()
             return JSONResponse({
                 'text': None,  # doc.materialize() if parent_revision != revision else None,
-                # 'version': revision,
-                # 'stage': doc.stage.name if doc.stage else None,
+                'version': len(get_history(doc)),
+                'stage': doc.stage,
+                'stage_name': doc.stage_name(),
                 'assignment': doc.assigned_to.username if doc.assigned_to else None
             })
         else:
@@ -155,6 +158,8 @@ def revert(request, doc_id):
     form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
     if form.is_valid():
         doc = get_object_or_404(Document, pk=doc_id, deleted=False)
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])
 
         comment = form.cleaned_data['comment']
@@ -177,8 +182,11 @@ def revert(request, doc_id):
         )
 
         return JSONResponse({
-            # 'document': None, #doc.materialize() if before != doc.revision else None,
-            # 'version': doc.revision(),
+            'document': doc.materialize(),
+            'version': len(get_history(doc)),
+            'stage': doc.stage,
+            'stage_name': doc.stage_name(),
+            'assignment': doc.assigned_to.username if doc.assigned_to else None,
         })
     else:
         return JSONFormInvalid(form)