From d6a59f2e4f3bfa41c573465c93c69cf809227663 Mon Sep 17 00:00:00 2001 From: James Tauber Date: Fri, 31 Aug 2012 01:16:30 -0400 Subject: [PATCH] protect schedule edit views --- symposion/schedule/views.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/symposion/schedule/views.py b/symposion/schedule/views.py index 9a51a9cd..59aecba6 100644 --- a/symposion/schedule/views.py +++ b/symposion/schedule/views.py @@ -1,6 +1,8 @@ from django.http import Http404 from django.shortcuts import render, get_object_or_404, redirect +from django.contrib.auth.decorators import login_required + from symposion.schedule.forms import SlotEditForm from symposion.schedule.models import Schedule, Day, Slot from symposion.schedule.timetable import TimeTable @@ -8,26 +10,35 @@ from symposion.schedule.timetable import TimeTable def schedule_detail(request, slug=None): qs = Schedule.objects.all() + if slug is None: schedule = next(iter(qs), None) if schedule is None: raise Http404() else: schedule = get_object_or_404(qs, slug=slug) + ctx = { "schedule": schedule, } return render(request, "schedule/schedule_detail.html", ctx) +@login_required def schedule_edit(request, slug=None): + + if not request.user.is_staff: + raise Http404() + qs = Schedule.objects.all() + if slug is None: schedule = next(iter(qs), None) if schedule is None: raise Http404() else: schedule = get_object_or_404(qs, slug=slug) + days_qs = Day.objects.filter(schedule=schedule) days = [TimeTable(day) for day in days_qs] form = SlotEditForm() @@ -39,7 +50,12 @@ def schedule_edit(request, slug=None): return render(request, "schedule/schedule_edit.html", ctx) +@login_required def schedule_slot_edit(request, slot_pk): + + if not request.user.is_staff: + raise Http404() + slot = get_object_or_404(Slot, pk=slot_pk) form = SlotEditForm(request.POST)
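Review bot: The staff gate added to `schedule_edit` is an inline `if not request.user.is_staff: raise Http404()`, and the last hunk repeats it verbatim in `schedule_slot_edit`, so a future edit view is only protected if its author remembers to paste the same lines. Putting the rule in one decorator in this module, stacked under `@login_required`, keeps the authorization decision in a single reviewable place; a sketch follows (it needs `functools.wraps` in scope). Also, `login_required` redirects anonymous requests to the login page while signed-in non-staff users get a 404, so the 404 does not hide these URLs from unauthenticated clients; if concealment is intended, the decorator should cover the anonymous case too. The diffstat shows only views.py changing, so a test asserting that anonymous and non-staff requests are refused by both views would be worth adding. The body of `schedule_edit` continues past the end of this hunk.

```python
def staff_required(view):
    """Raise Http404 unless the requesting user is staff."""
    @wraps(view)
    def wrapped(request, *args, **kwargs):
        if not request.user.is_staff:
            raise Http404()
        return view(request, *args, **kwargs)
    return wrapped


@login_required
@staff_required
def schedule_edit(request, slug=None):
    # … unchanged: schedule lookup, timetable construction …
```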