
Sam Toyer  committed 440cf5f

Do some extra checking in the delete handler.

  • Parent commits bb21864


Files changed (1)

File qxsite/views.py

     """
     @functools.wraps(func)
     def authenticated_func(self, *args, **kwargs):
-        if not self.get_current_user():
+        if not self.current_user:
             self.flash("You need to be logged in to view this page")
             self.set_status(403)
             self.redirect(self.reverse_url('LoginHandler'))
 
 class LoginHandler(BaseHandler):
     def get(self):
-        if self.get_current_user():
+        if self.current_user:
             self.flash("You are already logged in. Please log out before logging back in.")
         self.render("login.html", title="Login")
 
             self.redirect(self.reverse_url('PostDetailHandler', pid))
             return
         post_data = BlogPost(pid)
-        if not post_data.exists:
-            raise HTTPError(404)
+        if not model.exists or not self.current_user.uname == model.meta['author']:
+            raise HTTPError(500)
         post_data.destroy()
         self.flash("Post #%s destroyed successfully." % pid)
         self.redirect(self.reverse_url('IndexHandler'))
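Review bot: The new ownership check on the delete path reads `model.exists` and `model.meta['author']`, but the only object bound in the visible lines is `post_data = BlogPost(pid)`; unless `model` is assigned above the hunk, this raises NameError and every delete fails. The check also answers both a missing post and a non-author with 500, which hides authorization denials among server errors in logs and monitoring. I would keep `if not post_data.exists: raise HTTPError(404)` and add `if self.current_user.uname != post_data.meta['author']: raise HTTPError(403)`. The handler's signature is outside the hunk, so whether `@authenticated` guards it is not visible; if it does not, `self.current_user` can be None here and the `.uname` access fails before the comparison. The edit handler's `post` further down has the same 500-for-denial pattern in its context lines.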
         model = BlogPost(pid)
         if not model.exists:
             raise HTTPError(404)
-        if not self.get_current_user().uname == model.meta['author']:
+        if not self.current_user.uname == model.meta['author']:
             flash('You are only allowed to edit posts which you have authored')
             self.set_status(403)
             self.redirect(reverse_url('PostDetailHandler', pid))
     @authenticated
     def post(self, pid):
         model = BlogPost(pid)
-        if not model.exists or not self.get_current_user().uname == model.meta['author']:
+        if not model.exists or not self.current_user.uname == model.meta['author']:
             raise HTTPError(500)
         args = self.request.arguments
         modified = False
         else:
             tags = []
         new_model = BlogPost()
-        new_model.set_author(self.get_current_user().uname)
+        new_model.set_author(self.current_user.uname)
         if not verify_title(title):
             self.flash("That title is either already in use or does not meet\
                     length and content requirements. Titles between two and\