refuse to customize a read-only use

author Scott Baker <smbaker@gmail.com>

Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)

committer Scott Baker <smbaker@gmail.com>

Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)
author Scott Baker <smbaker@gmail.com>
Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)
committer Scott Baker <smbaker@gmail.com>
Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)
diff --git a/planetstack/core/plus/views.py b/planetstack/core/plus/views.py

index 9b26e51..4dcca79 100644 (file)
--- a/planetstack/core/plus/views.py
+++ b/planetstack/core/plus/views.py
@@ -13,7 +13,7 @@ from hpc.models import ContentProvider
  from operator import attrgetter
  from django import template
  from django.views.decorators.csrf import csrf_exempt
-from django.http import HttpResponse, HttpResponseServerError
+from django.http import HttpResponse, HttpResponseServerError, HttpResponseForbidden
  from django.core import urlresolvers
  from django.contrib.gis.geoip import GeoIP
  from ipware.ip import get_ip
@@ -729,6 +729,9 @@ class DashboardAnalyticsAjaxView(View):
  
  class DashboardCustomize(View):
      def post(self, request, *args, **kwargs):\r
+        if request.user.isReadOnlyUser():\r
+            return HttpResponseForbidden("User is in read-only mode")\r
+\r
          dashboards = request.POST.get("dashboards", None)\r
          if not dashboards:\r
              dashboards=[]\r
@@ -742,5 +745,5 @@ class DashboardCustomize(View):
              udbv = UserDashboardView(user=request.user, dashboardView=dashboard, order=i)\r
              udbv.save()\r
  \r
-        return HttpResponse("updated")\r
+        return HttpResponse(json.dumps("Success"), mimetype='application/javascript')\r
author	Scott Baker <smbaker@gmail.com>
	Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)
committer	Scott Baker <smbaker@gmail.com>
	Thu, 22 May 2014 01:02:44 +0000 (18:02 -0700)