1 files changed, 21 insertions, 7 deletions

diff --git a/archaeological_files/views.py b/archaeological_files/views.py
index 50f3a86d2..e7307e882 100644
--- a/archaeological_files/views.py
+++ b/archaeological_files/views.py
@@ -22,16 +22,12 @@ import re
 
 from django.core.urlresolvers import reverse
 from django.db.models import Q
-from django.http import HttpResponse
-from django.shortcuts import redirect, render
+from django.http import HttpResponse, Http404, HttpResponseRedirect
+from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
 
 from ishtar_common.views_item import get_item, show_item, revert_item
 
-from archaeological_operations.models import Operation
-from . import models
-
-from ishtar_common.wizards import SearchWizard
 from archaeological_operations.wizards import AdministrativeActDeletionWizard, \
     is_preventive, is_not_preventive
 from .wizards import *
@@ -41,6 +37,8 @@ from archaeological_operations.forms import FinalAdministrativeActDeleteForm
 from ishtar_common.forms import ClosingDateFormSelection
 from . import forms
 
+from ishtar_common.utils import put_session_message
+
 
 RE_YEAR_INDEX = re.compile(r"([1-2][0-9]{3})-([0-9]+)")  # eg.: 2014-123
 
@@ -145,7 +143,23 @@ file_modification_wizard = FileModificationWizard.as_view(
 
 
 def file_modify(request, pk):
-    file_modification_wizard(request)
+    try:
+        file_modification_wizard(request)
+    except IndexError:  # no step available
+        put_session_message(
+            request.session.session_key,
+            _(u"You don't have sufficient permissions to do this action."),
+            'warning'
+        )
+        return HttpResponseRedirect("/")
+
+    q = models.File.objects.filter(pk=pk)
+    if not q.count():
+        raise Http404()
+    item = q.all()[0]
+    if item.locked:
+        raise Http404()
+
     FileModificationWizard.session_set_value(
         request, 'selec-file_modification', 'pk', pk, reset=True)
     return redirect(reverse('file_modification',