From 60fd8cd113fd638eb207067048d662168ec6a61b Mon Sep 17 00:00:00 2001
From: Scott Baker <smbaker@gmail.com>
Date: Wed, 21 May 2014 18:02:44 -0700
Subject: [PATCH] refuse to customize a read-only use

---
 planetstack/core/plus/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/planetstack/core/plus/views.py b/planetstack/core/plus/views.py
index 9b26e51..4dcca79 100644
--- a/planetstack/core/plus/views.py
+++ b/planetstack/core/plus/views.py
@@ -13,7 +13,7 @@ from hpc.models import ContentProvider
 from operator import attrgetter
 from django import template
 from django.views.decorators.csrf import csrf_exempt
-from django.http import HttpResponse, HttpResponseServerError
+from django.http import HttpResponse, HttpResponseServerError, HttpResponseForbidden
 from django.core import urlresolvers
 from django.contrib.gis.geoip import GeoIP
 from ipware.ip import get_ip
@@ -729,6 +729,9 @@ class DashboardAnalyticsAjaxView(View):
 
 class DashboardCustomize(View):
     def post(self, request, *args, **kwargs):
+        if request.user.isReadOnlyUser():
+            return HttpResponseForbidden("User is in read-only mode")
+
         dashboards = request.POST.get("dashboards", None)
         if not dashboards:
             dashboards=[]
@@ -742,5 +745,5 @@ class DashboardCustomize(View):
             udbv = UserDashboardView(user=request.user, dashboardView=dashboard, order=i)
             udbv.save()
 
-        return HttpResponse("updated")
+        return HttpResponse(json.dumps("Success"), mimetype='application/javascript')
 
-- 
2.47.0