summaryrefslogtreecommitdiff
path: root/archaeological_context_records/views.py
diff options
context:
space:
mode:
Diffstat (limited to 'archaeological_context_records/views.py')
-rw-r--r--archaeological_context_records/views.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/archaeological_context_records/views.py b/archaeological_context_records/views.py
index 3695617f9..eba1ae8c0 100644
--- a/archaeological_context_records/views.py
+++ b/archaeological_context_records/views.py
@@ -19,6 +19,7 @@
import json
+from django.core.exceptions import PermissionDenied
from django.db.models import Q
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render, redirect
@@ -197,9 +198,15 @@ RELATION_FORMSET_EXTRA_FORM = 3
def get_relation_modify(model, model_relation, url_name):
- def _modify_relation(request, pk):
+ def _modify_relation(request, pk, current_right=None):
+ try:
+ item = model.objects.get(pk=pk)
+ except model.DoesNotExist:
+ raise Http404()
+ if "_own_" in current_right:
+ if not item.is_own(request.user):
+ raise PermissionDenied()
formset_class = forms.RecordRelationsFormSet
- item = model.objects.get(pk=pk)
relations = model_relation.objects.filter(left_record_id=pk).all()
items = [
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-16 19:22:48 +0000