From 0c185f1abbe9abe0d977e1b7d1d3f0440b8d6371 Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Tue, 10 Sep 2019 18:02:50 +0200
Subject: Locks: prevent edit actions

---
 archaeological_operations/views.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'archaeological_operations/views.py')

diff --git a/archaeological_operations/views.py b/archaeological_operations/views.py
index 4563f815e..d8d9f30d5 100644
--- a/archaeological_operations/views.py
+++ b/archaeological_operations/views.py
@@ -307,6 +307,14 @@ def operation_modify(request, pk):
             'warning'
         )
         return HttpResponseRedirect("/")
+
+    q = models.Operation.objects.filter(pk=pk)
+    if not q.count():
+        raise Http404()
+    item = q.all()[0]
+    if item.locked:
+        raise Http404()
+
     OperationModificationWizard.session_set_value(
         request, 'selec-operation_modification', 'pk', pk, reset=True)
     return redirect(reverse('operation_modification',
@@ -392,7 +400,23 @@ site_modification_wizard = SiteModificationWizard.as_view(
 
 
 def site_modify(request, pk):
-    site_modification_wizard(request)
+    try:
+        site_modification_wizard(request)
+    except IndexError:  # no step available
+        put_session_message(
+            request.session.session_key,
+            _(u"You don't have sufficient permissions to do this action."),
+            'warning'
+        )
+        return HttpResponseRedirect("/")
+
+    q = models.ArchaeologicalSite.objects.filter(pk=pk)
+    if not q.count():
+        raise Http404()
+    item = q.all()[0]
+    if item.locked:
+        raise Http404()
+
     SiteModificationWizard.session_set_value(
         request, 'selec-site_modification', 'pk', pk, reset=True)
     return redirect(reverse('site_modification',
-- 
cgit v1.2.3