Commit 48fa0bc6 authored by David Haynes's avatar David Haynes 🙆

Form now validates current user (Closes #31)

- clean function added to throw an error if the current user is trying to hack the
signup form
- __init__ added so that 'request' can be passed and used in clean()
parent b7df8350
......@@ -167,6 +167,21 @@ class SignupForm(forms.ModelForm):
}),
)
def clean_username(self):
# Prevent hax: (non-staff) Users cannot signup for other users
cleaned_data = super(SignupForm, self).clean()
data_username = cleaned_data.get("username")
if not self.request.user.is_staff:
if self.request.user.username not in data_username:
self.add_error('username', "This is not your NetID!")
return data_username
def __init__(self, request, *args, **kwargs):
# Necessary to call request in forms.py, is otherwise restricted to views.py and models.py
self.request = request
super(SignupForm, self).__init__(*args, **kwargs)
class Meta:
model = RegisteredUser
fields = '__all__'
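Review bot: The ownership check in `clean_username` is a substring test, `self.request.user.username not in data_username`, so any submitted username that merely contains the current user's NetID is accepted; compare for equality instead, `if data_username != self.request.user.username:`. The same test passes for every username when `request.user.username` is the empty string, which is what Django's `AnonymousUser` reports, so if the view does not already require login (not visible here) the check should also reject unauthenticated users. Inside a `clean_<field>` method the value is normally read with `self.cleaned_data.get("username")` rather than by calling `super(SignupForm, self).clean()`, and the failure is signalled with `raise forms.ValidationError("This is not your NetID!")`. Indentation is lost on this page, so the nesting of the two `if` statements is inferred.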