search

google-code-export / django-hotclub

Automatically exported from code.google.com/p/django-hotclub
MIT License
0 stars 0 forks source link

clicking on other users avatar loads the 'change avatar form' #157

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. go to any user profile (not your own).
2. hover over the avatar and see the 'replace' link
3. click on the link and you'll be redirected to the 'replace avatar' form.

What is the expected output? What do you see instead?
User's shouldn't be able to change other avatars or see the 'replace' on hover.

What version of the product are you using? On what operating system?
0.7.0dev

Please provide any additional information below.

Original issue reported on code.google.com by Ben.Brow...@gmail.com on 21 Jan 2009 at 10:07

GoogleCodeExporter commented 9 years ago 
Ya thats right. Its a minor bug. Just place an {% if %} loop to check if the 
logged in user is same as other_user 
in the profile.

Patch.

In profile.html template

replace       <a href="{% url avatar_change %}" 
id="avatar_replace">(replace)</a>

with            {% if is_me %}
                          <a href="{% url avatar_change %}" id="avatar_replace">(replace)</a>
               {% endif %}

That makes sure the logged in user only can change his avatar.

Original comment by yash...@gmail.com on 24 Jan 2009 at 8:01

GoogleCodeExporter commented 9 years ago 
Fixed in r1404.

Original comment by bros...@gmail.com on 24 Jan 2009 at 9:18