From e1760e7b506731cda2b570d26ada15cd381766a0 Mon Sep 17 00:00:00 2001
From: j <0x006A@0x2620.org>
Date: Mon, 26 Aug 2013 17:05:49 +0000
Subject: [PATCH] get[section], fixes #1834

---
 pandora/edit/views.py     |  2 +-
 pandora/itemlist/views.py | 24 ++++++++++++++++++++++++
 pandora/text/views.py     |  3 +++
 static/js/utils.js        |  2 +-
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/pandora/edit/views.py b/pandora/edit/views.py
index 42052112..3dbe1a4d 100644
--- a/pandora/edit/views.py
+++ b/pandora/edit/views.py
@@ -204,8 +204,8 @@ def getEdit(request):
     '''
     data = json.loads(request.POST['data'])
     if 'id' in data:
-        edit = get_edit_or_404_json(data['id'])
         response = json_response()
+        edit = get_edit_or_404_json(data['id'])
         if edit.accessible(request.user):
             response['data'] = edit.json(user=request.user)
         else:
diff --git a/pandora/itemlist/views.py b/pandora/itemlist/views.py
index 85453677..88952448 100644
--- a/pandora/itemlist/views.py
+++ b/pandora/itemlist/views.py
@@ -119,6 +119,30 @@ def findLists(request):
     return render_to_json_response(response)
 actions.register(findLists)
 
+def getList(request):
+    '''
+        takes {
+            id: listid
+        }
+        returns {
+            id:
+            section:
+            ...
+        }
+    '''
+    data = json.loads(request.POST['data'])
+    if 'id' in data:
+        response = json_response()
+        list = get_list_or_404_json(data['id'])
+        if list.accessible(request.user):
+            response['data'] = list.json(user=request.user)
+        else:
+            response = json_response(status=403, text='not allowed')
+    else:
+        response = json_response(status=404, text='not found')
+    return render_to_json_response(response)
+actions.register(getList)
+
 @login_required_json
 def addListItems(request):
     '''
diff --git a/pandora/text/views.py b/pandora/text/views.py
index db6731c0..9cb89114 100644
--- a/pandora/text/views.py
+++ b/pandora/text/views.py
@@ -97,6 +97,9 @@ def getText(request):
             text = qs[0]
     else:
         text = get_text_or_404_json(data['id'])
+        if not text.accessible(request.user):
+            text = None
+            response['status']['code'] = 404
     if text:
         response['data'] = text.json(user=request.user)
     return render_to_json_response(response)
diff --git a/static/js/utils.js b/static/js/utils.js
index 8fa9bcbc..6d137733 100644
--- a/static/js/utils.js
+++ b/static/js/utils.js
@@ -2017,7 +2017,7 @@ pandora.selectList = function() {
         var id = pandora.user.ui[pandora.user.ui.section.slice(0,-1)],
             section = Ox.toTitleCase(pandora.user.ui.section.slice(0, -1));
         if (id) {
-            pandora.api['edit' + section]({id: id}, function(result) {
+            pandora.api['get' + section]({id: id}, function(result) {
                 var folder;
                 if (result.data.id) {
                     folder = result.data.status == 'featured' ? 'featured' : (