From e1760e7b506731cda2b570d26ada15cd381766a0 Mon Sep 17 00:00:00 2001 From: j <0x006A@0x2620.org> Date: Mon, 26 Aug 2013 17:05:49 +0000 Subject: [PATCH] get[section], fixes #1834 --- pandora/edit/views.py | 2 +- pandora/itemlist/views.py | 24 ++++++++++++++++++++++++ pandora/text/views.py | 3 +++ static/js/utils.js | 2 +- 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/pandora/edit/views.py b/pandora/edit/views.py index 42052112..3dbe1a4d 100644 --- a/pandora/edit/views.py +++ b/pandora/edit/views.py @@ -204,8 +204,8 @@ def getEdit(request): ''' data = json.loads(request.POST['data']) if 'id' in data: - edit = get_edit_or_404_json(data['id']) response = json_response() + edit = get_edit_or_404_json(data['id']) if edit.accessible(request.user): response['data'] = edit.json(user=request.user) else: diff --git a/pandora/itemlist/views.py b/pandora/itemlist/views.py index 85453677..88952448 100644 --- a/pandora/itemlist/views.py +++ b/pandora/itemlist/views.py @@ -119,6 +119,30 @@ def findLists(request): return render_to_json_response(response) actions.register(findLists) +def getList(request): + ''' + takes { + id: listid + } + returns { + id: + section: + ... + } + ''' + data = json.loads(request.POST['data']) + if 'id' in data: + response = json_response() + list = get_list_or_404_json(data['id']) + if list.accessible(request.user): + response['data'] = list.json(user=request.user) + else: + response = json_response(status=403, text='not allowed') + else: + response = json_response(status=404, text='not found') + return render_to_json_response(response) +actions.register(getList) + @login_required_json def addListItems(request): ''' diff --git a/pandora/text/views.py b/pandora/text/views.py index db6731c0..9cb89114 100644 --- a/pandora/text/views.py +++ b/pandora/text/views.py @@ -97,6 +97,9 @@ def getText(request): text = qs[0] else: text = get_text_or_404_json(data['id']) + if not text.accessible(request.user): + text = None + response['status']['code'] = 404 if text: response['data'] = text.json(user=request.user) return render_to_json_response(response) diff --git a/static/js/utils.js b/static/js/utils.js index 8fa9bcbc..6d137733 100644 --- a/static/js/utils.js +++ b/static/js/utils.js @@ -2017,7 +2017,7 @@ pandora.selectList = function() { var id = pandora.user.ui[pandora.user.ui.section.slice(0,-1)], section = Ox.toTitleCase(pandora.user.ui.section.slice(0, -1)); if (id) { - pandora.api['edit' + section]({id: id}, function(result) { + pandora.api['get' + section]({id: id}, function(result) { var folder; if (result.data.id) { folder = result.data.status == 'featured' ? 'featured' : (