From 6efa5b7900dcbcb7d1462404102d68f1b44308bd Mon Sep 17 00:00:00 2001 From: j Date: Wed, 16 Aug 2023 17:40:42 +0200 Subject: [PATCH] future items should not be public --- app/item/views.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/app/item/views.py b/app/item/views.py index 029257e..8944b55 100644 --- a/app/item/views.py +++ b/app/item/views.py @@ -8,7 +8,7 @@ from django.shortcuts import render from django.db.models import Q from django.utils.html import mark_safe from django.conf import settings -from django.http import HttpResponse +from django.http import HttpResponse, Http404 from . import models from . import tasks @@ -19,6 +19,10 @@ from ..utils import default_context TS_FORMAT = "%Y-%m-%dT%H:%M:%S" +def get_now(): + return timezone.make_aware(datetime.now(), timezone.get_default_timezone()) + + def index(request): context = default_context(request) now = request.GET.get("now") @@ -26,7 +30,7 @@ def index(request): now = datetime.strptime(now, TS_FORMAT) now = timezone.make_aware(now, timezone.get_default_timezone()) elif request.user.is_staff: - now = timezone.make_aware(datetime.now(), timezone.get_default_timezone()) + now = get_now() else: now = None week, archive = models.Item.public(now) @@ -50,6 +54,10 @@ def archive(request): def item(request, id): context = default_context(request) item = models.Item.objects.get(id=id) + if not request.user.is_staff and ( + not item.published or item.published >= get_now() + ): + raise Http404 context['item'] = item qs = item.comments.order_by('created') if not request.user.is_staff: @@ -82,7 +90,7 @@ def comment(request): if request.user.is_authenticated: comment.user = request.user if comment.user.has_perm('app.item.can_post_comment'): - comment.published = timezone.now() + comment.published = get_now() else: comment.name = data['name'] comment.email = data['email'] @@ -100,7 +108,7 @@ def publish_comment(request): data = json.loads(request.body) if request.user.is_staff: comment = models.Comment.objects.get(id=data['comment']) - comment.published = timezone.now() + comment.published = get_now() comment.save() if comment.data.get("moderator_ts"): account = settings.SIGNAL_ACCOUNT