Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
SRCT
go
Commits
d4be5db1
Commit
d4be5db1
authored
Dec 20, 2013
by
Jean Michel Rouly
Browse files
Returns a 403 permission forbidden when deleting links that aren't yours.
parent
5e2c452a
Changes
3
Hide whitespace changes
Inline
Side-by-side
go/go/views.py
View file @
d4be5db1
...
...
@@ -4,7 +4,7 @@ from datetime import timedelta
from
django.http
import
Http404
from
django.utils
import
timezone
from
django.contrib.auth.models
import
User
from
django.core.exceptions
import
ValidationError
from
django.core.exceptions
import
PermissionDenied
from
django.contrib.auth.decorators
import
login_required
from
django.shortcuts
import
render
,
get_object_or_404
,
redirect
...
...
@@ -59,24 +59,23 @@ def success(request):
# My-Links page.
@
login_required
def
my_links
(
request
,
permission
=
True
):
def
my_links
(
request
):
links
=
URL
.
objects
.
filter
(
owner
=
request
.
user
)
return
render
(
request
,
'my_links.html'
,
{
'links'
:
links
,
'permission'
:
permission
,
},
)
# Delete link page.
@
login_required
def
delete
(
request
,
short
):
url
=
URL
.
object
s
.
get
(
short
=
short
)
url
=
get_
object
_or_404
(
URL
,
short
=
short
)
if
url
.
owner
==
request
.
user
:
url
.
delete
()
return
redirect
(
'my_links'
)
else
:
r
eturn
my_links
(
request
,
p
ermission
=
False
)
r
aise
P
ermission
Denied
(
)
# About page, static.
def
about
(
request
):
...
...
go/settings/urls.py
View file @
d4be5db1
...
...
@@ -18,7 +18,7 @@ urlpatterns = patterns('go.views',
url
(
r
'^signup/?$'
,
'signup'
,
name
=
'signup'
),
# /my - My-Links page, view and review links.
url
(
r
'^my/?$'
,
'my_links'
,
{
'permission'
:
True
},
name
=
'my_links'
),
url
(
r
'^my/?$'
,
'my_links'
,
name
=
'my_links'
),
# /delete - Delete a link, no content display.
url
(
r
'^delete/(?P<short>\w+)$'
,
'delete'
,
name
=
'delete'
),
...
...
go/templates/my_links.html
View file @
d4be5db1
...
...
@@ -8,10 +8,6 @@ Go - A URL Shortener
{% block content %}
{% if not permission %}
<p
class=
"error"
>
That link does not belong to you!
</p>
{% endif %}
{% if links %}
<div
id=
"mylinks"
>
{% for link in links %}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment