From 60fd8cd113fd638eb207067048d662168ec6a61b Mon Sep 17 00:00:00 2001
From: Scott Baker
Date: Wed, 21 May 2014 18:02:44 -0700
Subject: [PATCH] refuse to customize a read-only use
---
 planetstack/core/plus/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/planetstack/core/plus/views.py b/planetstack/core/plus/views.py
index 9b26e51..4dcca79 100644
--- a/planetstack/core/plus/views.py
+++ b/planetstack/core/plus/views.py
@@ -13,7 +13,7 @@ from hpc.models import ContentProvider
 from operator import attrgetter
 from django import template
 from django.views.decorators.csrf import csrf_exempt
-from django.http import HttpResponse, HttpResponseServerError
+from django.http import HttpResponse, HttpResponseServerError, HttpResponseForbidden
 from django.core import urlresolvers
 from django.contrib.gis.geoip import GeoIP
 from ipware.ip import get_ip
@@ -729,6 +729,9 @@ class DashboardAnalyticsAjaxView(View):
 class DashboardCustomize(View):
 def post(self, request, *args, **kwargs):
+ if request.user.isReadOnlyUser():
+ return HttpResponseForbidden("User is in read-only mode")
+
 dashboards = request.POST.get("dashboards", None)
 if not dashboards:
 dashboards=[]
@@ -742,5 +745,5 @@ class DashboardCustomize(View):
 udbv = UserDashboardView(user=request.user, dashboardView=dashboard, order=i)
 udbv.save()
- return HttpResponse("updated")
+ return HttpResponse(json.dumps("Success"), mimetype='application/javascript')
-- 
2.45.2
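Review bot: The new guard in `DashboardCustomize.post` calls `request.user.isReadOnlyUser()` without first establishing that the request is authenticated. Nothing in this hunk shows a login requirement on the view, and if an anonymous request can reach it, Django's `AnonymousUser` would presumably not carry this project-specific method, so the check would end in a 500 rather than the intended 403. I would fold the authentication test into the guard, e.g. `if not request.user.is_authenticated() or request.user.isReadOnlyUser():` (method-call form, matching the Django era implied by the `mimetype=` keyword used later in this patch). The file also imports `csrf_exempt`, so it is worth confirming that this state-changing POST handler is not exempted from CSRF checks. The body of `post` continues outside the hunk.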
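Review bot: The new return statement in the last hunk serves a JSON body under `mimetype='application/javascript'`; the accurate type is `application/json`, which also keeps browsers from treating the response as script. The `mimetype` keyword of `HttpResponse` was deprecated in Django 1.5 and removed in 1.7, so `return HttpResponse(json.dumps("Success"), content_type='application/json')` is the more durable spelling. No `import json` is visible in the import hunk of this patch, so confirm the module is already imported in views.py. The start of `post` lies outside this hunk.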