[snowy] If you don't have permissions to view a note, return immediately

From: Brad Taylor <btaylor src gnome org>
To: svn-commits-list gnome org
Subject: [snowy] If you don't have permissions to view a note, return immediately
Date: Mon, 25 May 2009 12:04:59 -0400 (EDT)

commit 52ead9100e0f318b878c81ecc59a155cdf36b456
Author: Brad Taylor <brad getcoded net>
Date:   Sun May 24 17:46:03 2009 -0400

    If you don't have permissions to view a note, return immediately
---
 notes/views.py |   13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/notes/views.py b/notes/views.py
index 8b2625e..8eb3977 100644
--- a/notes/views.py
+++ b/notes/views.py
@@ -17,8 +17,8 @@
 
 from django.template import RequestContext
 from django.contrib.auth.models import User
-from django.http import HttpResponseRedirect, Http404
 from django.shortcuts import render_to_response, get_object_or_404
+from django.http import HttpResponseRedirect, HttpResponseForbidden, Http404
 
 from snowy.notes.templates import CONTENT_TEMPLATES, DEFAULT_CONTENT_TEMPLATE
 from snowy.notes.models import *
@@ -45,10 +45,11 @@ def note_detail(request, username, note_id, slug='',
                 template_name='notes/note_detail.html'):
     user = get_object_or_404(User, username=username)
     note = get_object_or_404(Note, pk=note_id, author=user)
-    public = True if request.user == user or note.permissions == 1 else False
 
-    # TODO: Some sort of redirect if !public
-    if public and note.slug != slug:
+    if request.user != user and note.permissions == 0:
+        return HttpResponseForbidden()
+        
+    if note.slug != slug:
         return HttpResponseRedirect(note.get_absolute_url())
     
     # break this out into a function
@@ -62,7 +63,7 @@ def note_detail(request, username, note_id, slug='',
         style = libxslt.parseStylesheetDoc(styledoc)
     
         template = CONTENT_TEMPLATES.get(note.content_version, DEFAULT_CONTENT_TEMPLATE)
-        doc = libxml2.parseDoc(template.replace('%%%CONTENT%%%', note.content if public else ""))
+        doc = libxml2.parseDoc(template.replace('%%%CONTENT%%%', note.content))
         result = style.applyStylesheet(doc, None)
 
         # libxml2 doesn't munge encodings, so forcibly decode from UTF-8
@@ -80,7 +81,7 @@ def note_detail(request, username, note_id, slug='',
     all_notes = all_notes[:settings.SNOWY_LIST_MAX_NOTES]
     all_notebooks = NoteTag.objects.filter(author=user, is_notebook=True)[:5]
     return render_to_response(template_name,
-                              {'title': note.title if public else "",
+                              {'title': note.title,
                                'note': note, 'body': body,
                                'all_notes': all_notes,
                                'all_notebooks': all_notebooks},

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]