Conservancy/symposion_app
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed team membership views to work non-POST

Browse source
This commit is contained in:
Brian Rosner 2012-09-15 17:32:43 -06:00
parent 7c102aefa3
commit bb2ffd2df0
1 changed files with 37 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
symposion/teams/views.py
View file

@ -1,4 +1,4 @@
from django.http import Http404 from django.http import Http404, HttpResponseNotAllowed
from django.shortcuts import render, redirect, get_object_or_404 from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
@ -140,7 +140,8 @@ def team_apply(request, slug):
@login_required @login_required
def team_promote(request, pk): def team_promote(request, pk):
if request.method == "POST": if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
membership = get_object_or_404(Membership, pk=pk) membership = get_object_or_404(Membership, pk=pk)
state = membership.team.get_state_for_user(request.user) state = membership.team.get_state_for_user(request.user)
if request.user.is_staff or state == "manager": if request.user.is_staff or state == "manager":
@ -153,7 +154,8 @@ def team_promote(request, pk):
@login_required @login_required
def team_demote(request, pk): def team_demote(request, pk):
if request.method == "POST": if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
membership = get_object_or_404(Membership, pk=pk) membership = get_object_or_404(Membership, pk=pk)
state = membership.team.get_state_for_user(request.user) state = membership.team.get_state_for_user(request.user)
if request.user.is_staff or state == "manager": if request.user.is_staff or state == "manager":
@ -166,7 +168,8 @@ def team_demote(request, pk):
@login_required @login_required
def team_accept(request, pk): def team_accept(request, pk):
if request.method == "POST": if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
membership = get_object_or_404(Membership, pk=pk) membership = get_object_or_404(Membership, pk=pk)
state = membership.team.get_state_for_user(request.user) state = membership.team.get_state_for_user(request.user)
if request.user.is_staff or state == "manager": if request.user.is_staff or state == "manager":
@ -179,7 +182,8 @@ def team_accept(request, pk):
@login_required @login_required
def team_reject(request, pk): def team_reject(request, pk):
if request.method == "POST": if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
membership = get_object_or_404(Membership, pk=pk) membership = get_object_or_404(Membership, pk=pk)
state = membership.team.get_state_for_user(request.user) state = membership.team.get_state_for_user(request.user)
if request.user.is_staff or state == "manager": if request.user.is_staff or state == "manager":