- fix upload for non admin users

- fix https test - give permission denied warning if upload is not working
2012-09-08 17:03:59 +02:00 · 2012-09-08 17:03:59 +02:00 · e5107d8610
commit e5107d8610
parent 084fde7b67
3 changed files with 15 additions and 5 deletions
--- a/pandora/archive/models.py
+++ b/pandora/archive/models.py
@ -182,8 +182,10 @@ class File(models.Model):
        return srt

    def editable(self, user):
-        return user.get_profile().get_level() == 'admin' or \
-               self.instances.filter(volume__user=user).count() > 0
+        p = user.get_profile()
+        return p.get_level() in ('admin', 'staff') or \
+            self.instances.filter(volume__user=user).count() > 0 or \
+            self.item.user == user

    def save_chunk(self, chunk, chunk_id=-1, done=False):
        if not self.available:
--- a/pandora/archive/views.py
+++ b/pandora/archive/views.py
@ -263,6 +263,8 @@ def firefogg_upload(request):
                    'result': 1
                }
                return render_to_json_response(response)
+            else:
+                response = json_response(status=404, text='permission denied')
    response = json_response(status=400, text='this request requires POST')
    return render_to_json_response(response)