Verified Commit b1811686 authored by David Haynes's avatar David Haynes 🙆

Remove troublesome check

- causes 500 on prod
- it's pretty stupid anyways, the lazy way out
parent 95fc8208
Pipeline #1523 passed with stages
in 2 minutes and 29 seconds
......@@ -321,7 +321,6 @@ def delete(request, short):
This view deletes a URL if you have the permission to. User must be
logged in and registered, and must also be the owner of the URL.
"""
# Do not allow unapproved users to delete links
if not request.user.registereduser.approved:
return render(request, 'not_registered.html')
......@@ -331,28 +330,14 @@ def delete(request, short):
# If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser:
# There are some instances where this request header does not exist, in
# this case we fallback to the insecure method
if request.META.get('HTTP_REFERER') is not None:
# Make sure that the requestee is from the same domain (go.gmu.edu)
if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
raise PermissionDenied()
# Fallback and delete
else:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
# do not allow them to delete
raise PermissionDenied()
@login_required
def signup(request):
"""
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment