only the moderator of a constituency should be able to create an office for that constituency

everyvote / everyvote_mini

Election information app for university student governments and other organizations

www.everyvote.org

1 stars 0 forks source link

only the moderator of a constituency should be able to create an office for that constituency #32

Closed mitchdowney closed 11 years ago

mitchdowney commented 11 years ago

Currently anyone can edit the office page of any constituency.

Currently anyone can access the OfficeCreateView and create an office for that constituency.

mitchdowney commented 11 years ago

fixed

office.py

# CREATE OFFICE
class OfficeCreateView(CreateView):
    model = Office
    form_class = OfficeForm
    template_name = 'office_create.html'

    def form_valid(self, form):
        if not form.instance.constituency.moderators.get(id = self.request.user.id).pk == self.request.user.id:
            raise Http404 # maybe you'll need to write a middleware to catch 403's same way
        f = form.save(commit=False)
        f.save()
        return super(OfficeCreateView, self).form_valid(form)