X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/cd19d8c66ad0f11fa19b0038507f094587e9c56d..1b9ba95da190a11d915fc910b62fdfc9d6dca356:/apps/wiki/views.py

diff --git a/apps/wiki/views.py b/apps/wiki/views.py
index 461f1109..da747ccc 100644
--- a/apps/wiki/views.py
+++ b/apps/wiki/views.py
@@ -20,7 +20,7 @@ from django.utils.translation import ugettext as _
 from django.views.decorators.http import require_POST
 from django.shortcuts import get_object_or_404, render
 
-from catalogue.models import Document, Template
+from catalogue.models import Document, Template, Category
 from dvcs.models import Revision
 import nice_diff
 from wiki import forms
@@ -55,6 +55,8 @@ def get_history(document):
 @never_cache
 def editor(request, pk, template_name='wiki/bootstrap.html'):
     doc = get_object_or_404(Document, pk=pk, deleted=False)
+    if not doc.can_edit(request.user):
+        return HttpResponseForbidden("Not authorized.")
 
     save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave")
     text = doc.materialize()
@@ -80,6 +82,7 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
             "text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
             "text_publish": forms.DocumentTextPublishForm(prefix="textpublish"),
         },
+        'tag_categories': Category.objects.all(),
         'pk': doc.pk,
     })
 
@@ -88,10 +91,10 @@ def editor(request, pk, template_name='wiki/bootstrap.html'):
 @decorator_from_middleware(GZipMiddleware)
 def text(request, doc_id):
     doc = get_object_or_404(Document, pk=doc_id, deleted=False)
-    # if not doc.book.accessible(request):
-    #     return HttpResponseForbidden("Not authorized.")
 
     if request.method == 'POST':
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
         if form.is_valid():
             if request.user.is_authenticated():
@@ -105,9 +108,6 @@ def text(request, doc_id):
             # else:
             #     parent = None
             stage = form.cleaned_data['stage']
-            # tags = [stage] if stage else []
-            # publishable = (form.cleaned_data['publishable'] and
-            #                request.user.has_perm('catalogue.can_pubmark'))
             try:
                 doc.commit(
                     author=author,
@@ -156,6 +156,8 @@ def revert(request, doc_id):
     form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
     if form.is_valid():
         doc = get_object_or_404(Document, pk=doc_id, deleted=False)
+        if not doc.can_edit(request.user):
+            return HttpResponseForbidden("Not authorized.")
         rev = get_object_or_404(Revision, pk=form.cleaned_data['revision'])
 
         comment = form.cleaned_data['comment']