
Kai Diefenbach committed bc9b795

Check permissions for cut/copy if one tries to use direct urls

  • Parent commits 67e7f59


Files changed (1)

File lfc/manage/views.py

 # Cut/Copy and paste #########################################################
 ##############################################################################
 
-@login_required
 def lfc_copy(request, id):
     """Puts the object with passed id into the clipboard.
     """
+    obj = lfc.utils.get_content_object(pk=id)
+    obj.check_permission(request.user, "add")
+
     request.session["clipboard"] = [id]
     request.session["clipboard_action"] = COPY
 
 
     return MessageHttpResponseRedirect(url, msg)
 
-@login_required
 def cut(request, id):
     """Puts the object within passed id into the clipboard and marks action
     as cut.
     """
+    obj = lfc.utils.get_content_object(pk=id)
+    obj.check_permission(request.user, "delete")
+
     request.session["clipboard"] = [id]
     request.session["clipboard_action"] = CUT
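Review bot: With `@login_required` removed from `lfc_copy` and `cut`, the only gate left is `obj.check_permission(...)`, and `obj` is used without a guard for an id that does not resolve. If `lfc.utils.get_content_object` can return `None` for an unknown or deleted id (its behaviour is not visible here), a direct URL with a bad id ends in an `AttributeError` and a 500 rather than a 404; a guard such as `if obj is None: raise Http404()` before the permission check would cover that, assuming `Http404` is available in this module. It is also worth confirming that `check_permission` rejects anonymous users the way the decorator did, and keeping the decorator if it does not. The check runs when the id is stored in the session, so the paste view (outside this diff) should still re-check permissions on the source and the target at the time of the paste. Both function bodies continue outside the hunks.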