X-Git-Url: https://git.0d.be/?p=chloro.git;a=blobdiff_plain;f=chloro%2Fphyll%2Fviews.py;fp=chloro%2Fphyll%2Fviews.py;h=b8598dc1180f2ead84dc9f40901924fd46ea6602;hp=f645f39bfba269f9ae8993f4581351a008b053b6;hb=34d500560508bd019e0fb28c5e45cd731dbb7569;hpb=b9f9b77184b8d1e24416e3392855e42bbb2fdef9 diff --git a/chloro/phyll/views.py b/chloro/phyll/views.py index f645f39..b8598dc 100644 --- a/chloro/phyll/views.py +++ b/chloro/phyll/views.py @@ -14,6 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +from django.core.exceptions import PermissionDenied from django.http import Http404 from django.views.generic import CreateView, DeleteView, DetailView, ListView, UpdateView, TemplateView @@ -24,9 +25,9 @@ class NoteView(DetailView): model = Note def get(self, request, *args, **kwargs): + note = self.get_object() if kwargs.get('year'): # check date does match - note = self.get_object() creation = self.get_object().creation_timestamp if (creation.year, creation.month, creation.day) != ( int(kwargs['year']), @@ -34,17 +35,19 @@ class NoteView(DetailView): int(kwargs['day']), ): raise Http404() + if not note.published and not request.user.is_staff: + raise PermissionDenied() return super(NoteView, self).get(request, *args, **kwargs) class NoteEditView(UpdateView): model = Note - fields = ['title', 'slug', 'text', 'tags'] + fields = ['title', 'slug', 'text', 'tags', 'published'] class NoteAddView(CreateView): model = Note - fields = ['title', 'slug', 'text', 'tags'] + fields = ['title', 'slug', 'text', 'tags', 'published'] class NoteDeleteView(DeleteView): @@ -62,4 +65,7 @@ class ListOnTagView(ListView): model = Note def get_queryset(self): - return Note.objects.filter(tags__name__in=[self.kwargs['tag']]) + qs = Note.objects.filter(tags__name__in=[self.kwargs['tag']]) + if not self.request.user.is_staff: + qs = qs.filter(published=True) + return qs