Commits

Greg Newman committed e296edc

no need for fancy returns. if they don't have permission 404

Comments (0)

Files changed (1)

     expects a slug and expects the user has access to the parent project
     """
 
-    project = get_object_or_404(Project, slug=slug, members=request.user)
     if not request.user.is_staff:
-        if request.user != project.members:
-            request.user.message_set.create(message=_("You are trying to access a project you don't have permission to view!"))
-            return HttpResponseRedirect(reverse('dashboard'))
-     
+        project = get_object_or_404(Project, slug=slug, members=request.user)
+    else:
+        project = get_object_or_404(Project, slug=slug)
+
     corkboards = Corkboard.objects.filter(project=project)
     form = CorkboardForm()
     
     expects a slug and expects the user has access to the parent project
     """
 
-    corkboard = get_object_or_404(Corkboard, slug=slug)
     if not request.user.is_staff:
-        if request.user != corkboard.project.members:
-            request.user.message_set.create(message=_("You are trying to access a project you don't have permission to view!"))
-            return HttpResponseRedirect(reverse('dashboard'))
+        corkboard = get_object_or_404(Corkboard, slug=slug, project__members=request.user)
+    else:
+        corkboard = get_object_or_404(Corkboard, slug=slug)
+
+    #request.user.message_set.create(message=_("You are trying to access a project you don't have permission to view!"))
+    #return HttpResponseRedirect(reverse('dashboard'))
         
     images = Image.objects.filter(corkboard=corkboard)
 
 
     expects an id for the image and the user has access to the parent project
     """
+    if not request.user.is_staff:
+        image = get_object_or_404(Image, pk=id, corkboard__project__members=request.user)
+    else:
+        image = get_object_or_404(Image, pk=id)
 
-    image = get_object_or_404(Image, pk=id)
-    if not request.user.is_staff:
-        if request.user != image.corkboard.project.members:
-            request.user.message_set.create(message=_("You are trying to access a project you don't have permission to view!"))
-            return HttpResponseRedirect(reverse('dashboard'))
     notes = Note.objects.filter(image=image)
     notes_count = notes.count()
     form = NoteForm()
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.