# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.views.generic import CreateView, DeleteView, DetailView, ListView, UpdateView, TemplateView
model = Note
def get(self, request, *args, **kwargs):
+ note = self.get_object()
if kwargs.get('year'):
# check date does match
- note = self.get_object()
creation = self.get_object().creation_timestamp
if (creation.year, creation.month, creation.day) != (
int(kwargs['year']),
int(kwargs['day']),
):
raise Http404()
+ if not note.published and not request.user.is_staff:
+ raise PermissionDenied()
return super(NoteView, self).get(request, *args, **kwargs)
class NoteEditView(UpdateView):
model = Note
- fields = ['title', 'slug', 'text', 'tags']
+ fields = ['title', 'slug', 'text', 'tags', 'published']
class NoteAddView(CreateView):
model = Note
- fields = ['title', 'slug', 'text', 'tags']
+ fields = ['title', 'slug', 'text', 'tags', 'published']
class NoteDeleteView(DeleteView):
model = Note
def get_queryset(self):
- return Note.objects.filter(tags__name__in=[self.kwargs['tag']])
+ qs = Note.objects.filter(tags__name__in=[self.kwargs['tag']])
+ if not self.request.user.is_staff:
+ qs = qs.filter(published=True)
+ return qs