X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/cd19d8c66ad0f11fa19b0038507f094587e9c56d..a74c48a5de6d9a00f76f7c10b41bd4a26691a22f:/apps/wiki/views.py diff --git a/apps/wiki/views.py b/apps/wiki/views.py index 461f1109..da747ccc 100644 --- a/apps/wiki/views.py +++ b/apps/wiki/views.py @@ -20,7 +20,7 @@ from django.utils.translation import ugettext as _ from django.views.decorators.http import require_POST from django.shortcuts import get_object_or_404, render -from catalogue.models import Document, Template +from catalogue.models import Document, Template, Category from dvcs.models import Revision import nice_diff from wiki import forms @@ -55,6 +55,8 @@ def get_history(document): @never_cache def editor(request, pk, template_name='wiki/bootstrap.html'): doc = get_object_or_404(Document, pk=pk, deleted=False) + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") save_form = forms.DocumentTextSaveForm(user=request.user, prefix="textsave") text = doc.materialize() @@ -80,6 +82,7 @@ def editor(request, pk, template_name='wiki/bootstrap.html'): "text_revert": forms.DocumentTextRevertForm(prefix="textrevert"), "text_publish": forms.DocumentTextPublishForm(prefix="textpublish"), }, + 'tag_categories': Category.objects.all(), 'pk': doc.pk, }) @@ -88,10 +91,10 @@ def editor(request, pk, template_name='wiki/bootstrap.html'): @decorator_from_middleware(GZipMiddleware) def text(request, doc_id): doc = get_object_or_404(Document, pk=doc_id, deleted=False) - # if not doc.book.accessible(request): - # return HttpResponseForbidden("Not authorized.") if request.method == 'POST': + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave") if form.is_valid(): if request.user.is_authenticated(): @@ -105,9 +108,6 @@ def text(request, doc_id): # else: # parent = None stage = form.cleaned_data['stage'] - # tags = [stage] if stage else [] - # publishable = (form.cleaned_data['publishable'] and - # request.user.has_perm('catalogue.can_pubmark')) try: doc.commit( author=author, @@ -156,6 +156,8 @@ def revert(request, doc_id): form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert") if form.is_valid(): doc = get_object_or_404(Document, pk=doc_id, deleted=False) + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") rev = get_object_or_404(Revision, pk=form.cleaned_data['revision']) comment = form.cleaned_data['comment']