[snowy] Enforce public/private setting when viewing another user's notes.
- From: Sanford Armstrong <sharm src gnome org>
- To: svn-commits-list gnome org
- Subject: [snowy] Enforce public/private setting when viewing another user's notes.
- Date: Sun, 24 May 2009 00:42:31 -0400 (EDT)
commit baf5d0bbe85064f1abcad8eef443907a71d120a3
Author: Sandy Armstrong <sanfordarmstrong gmail com>
Date: Sat May 23 13:43:12 2009 -0700
Enforce public/private setting when viewing another user's notes.
---
api/handlers.py | 2 +-
notes/templates/notes/note_detail.html | 4 ++--
notes/views.py | 11 ++++++++---
3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/api/handlers.py b/api/handlers.py
index 48fcaf3..4b7928f 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -77,7 +77,7 @@ class NotesHandler(BaseHandler):
notes = Note.objects.filter(author=user)
if request.user != user:
- notes.filter(permissions=1) # Public only
+ notes = notes.filter(permissions=1) # Public only
if request.GET.has_key('since'):
notes = notes.filter(last_sync_rev__gt=int(request.GET['since']))
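Review bot: The literal `1` in `notes.filter(permissions=1)` carries the whole access decision and is repeated in notes/views.py (`note_index` and `note_detail`), so the three checks can drift apart. A named constant or a single queryset helper on the Note model would keep them in step; the model is not shown here, so whether one already exists is unknown. The line fixed here used to discard the filtered queryset silently, which argues for a regression test that requests another user's notes through this handler and asserts that no private note is returned.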
diff --git a/notes/templates/notes/note_detail.html b/notes/templates/notes/note_detail.html
index cfab791..8118e54 100644
--- a/notes/templates/notes/note_detail.html
+++ b/notes/templates/notes/note_detail.html
@@ -8,7 +8,7 @@
<script type="text/javascript" src="{{ MEDIA_URL }}js/jquery.scrollfollow.js" charset="utf-8"></script>
{% endblock %}
-{% block title %}{{ note.title }} | Notes | {{ block.super }}{% endblock %}
+{% block title %}{{ title|safe }} | Notes | {{ block.super }}{% endblock %}
{% block sidebar %}
{{ block.super }}
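Review bot: `{{ title|safe }}` in the title block turns off the autoescaping that the replaced `{{ note.title }}` had, and the same change is made to the `<h1>` in the next hunk. A note title is author-controlled text and this page is now explicitly served to other users, so markup in a title would be rendered in the viewer's browser. Unless the title is sanitised somewhere not shown here, drop the filter and use `{{ title }}` in both places.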
@@ -39,7 +39,7 @@
<table id="content-layout" cellspacing="0" cellpadding="0">
<tr>
<td id="note">
- <h1>{{ note.title }}</h1>
+ <h1>{{ title|safe }}</h1>
<div id="funcooker">
{{ body|safe }}
</div>
diff --git a/notes/views.py b/notes/views.py
index b665486..8b2625e 100644
--- a/notes/views.py
+++ b/notes/views.py
@@ -31,6 +31,8 @@ def note_index(request, username,
# TODO: retrieve the last open note from the user
last_modified = Note.objects.filter(author=user) \
.order_by('-user_modified')
+ if request.user != user:
+ last_modified = last_modified.filter(permissions=1)
if last_modified.count() > 0:
return HttpResponseRedirect(last_modified[0].get_absolute_url())
@@ -43,8 +45,10 @@ def note_detail(request, username, note_id, slug='',
template_name='notes/note_detail.html'):
user = get_object_or_404(User, username=username)
note = get_object_or_404(Note, pk=note_id, author=user)
+ public = True if request.user == user or note.permissions == 1 else False
- if note.slug != slug:
+ # TODO: Some sort of redirect if !public
+ if public and note.slug != slug:
return HttpResponseRedirect(note.get_absolute_url())
# break this out into a function
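Review bot: When `public` is false, `note_detail` still runs to the end and returns a normal page with only selected fields blanked (`note.content` in the next hunk, `title` in the last one), so every field added to the template later has to repeat the check. Failing closed right after the lookup is safer and resolves the TODO: `if not public: raise Http404` (assuming `Http404` is imported; the imports are outside the hunk). The flag is also true for the owner of a private note, so a name such as `can_view` would be clearer, and the `True if … else False` wrapper can go: `can_view = request.user == user or note.permissions == 1`. The function body continues outside the hunk.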
@@ -58,7 +62,7 @@ def note_detail(request, username, note_id, slug='',
style = libxslt.parseStylesheetDoc(styledoc)
template = CONTENT_TEMPLATES.get(note.content_version, DEFAULT_CONTENT_TEMPLATE)
- doc = libxml2.parseDoc(template.replace('%%%CONTENT%%%', note.content))
+ doc = libxml2.parseDoc(template.replace('%%%CONTENT%%%', note.content if public else ""))
result = style.applyStylesheet(doc, None)
# libxml2 doesn't munge encodings, so forcibly decode from UTF-8
@@ -76,7 +80,8 @@ def note_detail(request, username, note_id, slug='',
all_notes = all_notes[:settings.SNOWY_LIST_MAX_NOTES]
all_notebooks = NoteTag.objects.filter(author=user, is_notebook=True)[:5]
return render_to_response(template_name,
- {'note': note, 'body': body,
+ {'title': note.title if public else "",
+ 'note': note, 'body': body,
'all_notes': all_notes,
'all_notebooks': all_notebooks},
context_instance=RequestContext(request))
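Review bot: The context still passes `'note': note` and the `all_notes` / `all_notebooks` lists to the template for a viewer who is not the author, so blanking `title` alone does not keep private data out of the page. `all_notebooks` is filtered by `author=user` only, and the query that builds `all_notes` is above the hunk, so whether it applies `permissions=1` for other users cannot be seen here. If it does not, any list rendered from it would show private note titles. Apply the same `request.user != user` filter to those lists and pass `note` only when the viewer is allowed to see it.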