diff --git a/pandora/archive/models.py b/pandora/archive/models.py index 1b254eaf..3a4ff490 100644 --- a/pandora/archive/models.py +++ b/pandora/archive/models.py @@ -182,8 +182,10 @@ class File(models.Model): return srt def editable(self, user): - return user.get_profile().get_level() == 'admin' or \ - self.instances.filter(volume__user=user).count() > 0 + p = user.get_profile() + return p.get_level() in ('admin', 'staff') or \ + self.instances.filter(volume__user=user).count() > 0 or \ + self.item.user == user def save_chunk(self, chunk, chunk_id=-1, done=False): if not self.available: diff --git a/pandora/archive/views.py b/pandora/archive/views.py index 04cfdebc..806e9e9f 100644 --- a/pandora/archive/views.py +++ b/pandora/archive/views.py @@ -263,6 +263,8 @@ def firefogg_upload(request): 'result': 1 } return render_to_json_response(response) + else: + response = json_response(status=404, text='permission denied') response = json_response(status=400, text='this request requires POST') return render_to_json_response(response) diff --git a/static/js/pandora/upload.js b/static/js/pandora/upload.js index fe388340..bd76d554 100644 --- a/static/js/pandora/upload.js +++ b/static/js/pandora/upload.js @@ -39,14 +39,20 @@ pandora.ui.upload = function(oshash, file) { that.progress = -1; done(); } + if (response.status && response.status.code != 200) { + that.status = response.status.text; + that.progress = -1; + done(); + response = {}; + } if (response.maxRetry) { maxRetry = response.maxRetry; } chunkUrl = response.uploadUrl; - if (document.location.protocol == 'https:') { - chunkUrl = chunkUrl.replace(/http:\/\//, 'https://'); - } if (chunkUrl) { + if (document.location.protocol == 'https:') { + chunkUrl = chunkUrl.replace(/http:\/\//, 'https://'); + } that.status = 'uploading'; that.progress = 0.0; //start upload