summaryrefslogtreecommitdiff
path: root/archaeological_operations
diff options
context:
space:
mode:
Diffstat (limited to 'archaeological_operations')
-rw-r--r--archaeological_operations/forms.py20
-rw-r--r--archaeological_operations/views.py26
2 files changed, 43 insertions, 3 deletions
diff --git a/archaeological_operations/forms.py b/archaeological_operations/forms.py
index 5cc544171..1e12c3614 100644
--- a/archaeological_operations/forms.py
+++ b/archaeological_operations/forms.py
@@ -616,7 +616,15 @@ class OperationFormSelection(CustomFormSearch):
cleaned_data = self.cleaned_data
if 'pk' not in cleaned_data or not cleaned_data['pk']:
raise forms.ValidationError(_(u"You should select an operation."))
- return cleaned_data
+ pk = self.cleaned_data["pk"]
+ try:
+ item = models.Operation.objects.get(pk=pk)
+ except models.Operation.DoesNotExist:
+ raise forms.ValidationError(_("Invalid selection."))
+ if item.locked:
+ raise forms.ValidationError(_("This operation is locked for "
+ "edition."))
+ return self.cleaned_data
class OperationCodeInput(forms.TextInput):
@@ -1388,7 +1396,15 @@ class SiteFormSelection(IshtarForm):
cleaned_data = self.cleaned_data
if 'pk' not in cleaned_data or not cleaned_data['pk']:
raise forms.ValidationError(_(u"You should select an item."))
- return cleaned_data
+ pk = self.cleaned_data["pk"]
+ try:
+ item = models.ArchaeologicalSite.objects.get(pk=pk)
+ except models.ArchaeologicalSite.DoesNotExist:
+ raise forms.ValidationError(_("Invalid selection."))
+ if item.locked:
+ raise forms.ValidationError(_("This site is locked for "
+ "edition."))
+ return self.cleaned_data
class SiteForm(CustomForm, ManageOldType):
diff --git a/archaeological_operations/views.py b/archaeological_operations/views.py
index 4563f815e..d8d9f30d5 100644
--- a/archaeological_operations/views.py
+++ b/archaeological_operations/views.py
@@ -307,6 +307,14 @@ def operation_modify(request, pk):
'warning'
)
return HttpResponseRedirect("/")
+
+ q = models.Operation.objects.filter(pk=pk)
+ if not q.count():
+ raise Http404()
+ item = q.all()[0]
+ if item.locked:
+ raise Http404()
+
OperationModificationWizard.session_set_value(
request, 'selec-operation_modification', 'pk', pk, reset=True)
return redirect(reverse('operation_modification',
@@ -392,7 +400,23 @@ site_modification_wizard = SiteModificationWizard.as_view(
def site_modify(request, pk):
- site_modification_wizard(request)
+ try:
+ site_modification_wizard(request)
+ except IndexError: # no step available
+ put_session_message(
+ request.session.session_key,
+ _(u"You don't have sufficient permissions to do this action."),
+ 'warning'
+ )
+ return HttpResponseRedirect("/")
+
+ q = models.ArchaeologicalSite.objects.filter(pk=pk)
+ if not q.count():
+ raise Http404()
+ item = q.all()[0]
+ if item.locked:
+ raise Http404()
+
SiteModificationWizard.session_set_value(
request, 'selec-site_modification', 'pk', pk, reset=True)
return redirect(reverse('site_modification',
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-17 13:11:35 +0000