Fixed unauthorised view

Fergal Moran
2014-04-25 21:00:11 +01:00
parent fec91e7f0a
commit 7d3c932140
10 changed files with 54 additions and 32 deletions


@@ -7,9 +7,11 @@ from django.template.loader import render_to_string
from tastypie import fields
from tastypie.authorization import Authorization
from tastypie.constants import ALL_WITH_RELATIONS
from tastypie.exceptions import ImmediateHttpResponse
from tastypie.fields import ToOneField
from tastypie.http import HttpGone
from tastypie.http import HttpGone, HttpUnauthorized
from tastypie.utils import trailing_slash
from spa.api.v1.BackboneCompatibleResource import BackboneCompatibleResource
from spa.api.v1.CommentResource import CommentResource
from spa.api.v1.ActivityResource import ActivityResource
@@ -150,6 +152,10 @@ class MixResource(BackboneCompatibleResource):
f_user = request.GET.get('user', None)
if request.GET.get('stream'):
if request.user.is_anonymous():
raise ImmediateHttpResponse(
HttpUnauthorized("Only logged in users have a stream")
)
semi_filtered = semi_filtered.filter(
user__in=request.user.get_profile().following.all())
if f_user is not None:
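Review bot: The anonymous-user check sits inline in the `stream` branch, so it protects only this one use of `request.user`; the enclosing method starts and ends outside the hunk, so it cannot be confirmed from here that no other branch dereferences the user without the same guard. A short comment above the check would record why it must stay ahead of the profile lookup: `# AnonymousUser has no profile; answer 401 before calling request.user.get_profile()`. The file imports tastypie's base `Authorization`, which performs no permission checks, and the resource's Meta is not visible here. If that class is what the resource uses, enforcing the login requirement through the resource's authentication/authorization classes would be harder to bypass than a per-parameter check.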


@@ -48,6 +48,7 @@ define ['backbone', 'marionette', 'vent', 'utils', 'underscore',
App.addInitializer ->
@listenTo vent, "app:login", ->
console.log "App(vent): app:login"
utils.modal "/dlg/LoginView"
true


@@ -47,6 +47,7 @@
});
App.addInitializer(function() {
this.listenTo(vent, "app:login", function() {
console.log("App(vent): app:login");
utils.modal("/dlg/LoginView");
return true;
});


@@ -1,5 +1,6 @@
define ['jquery', 'bootstrap', 'toastr'], ($, bootstrap, toastr) ->
modal: (url) ->
return if $('#modal-header').length
if url
if url.indexOf("#") is 0
$(url).modal "open"
@@ -8,9 +9,6 @@ define ['jquery', 'bootstrap', 'toastr'], ($, bootstrap, toastr) ->
$(data).modal().on "hidden", ->
$(this).remove()
true
$(data).proceed().on "hidden", ->
alert("Go on so")
true
).success ->
$("input:text:visible:first").focus()
true
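Review bot: The new early return in `modal` keys on `#modal-header`, an id that the visible sections of this commit add only to the login dialog template, so the guard really means "a login dialog is already in the DOM" rather than "a modal is already open". While that dialog is present every other `utils.modal` call is silently dropped, and two dialogs without the id can still stack. A comment such as `# skip if the login dialog (#modal-header) is already showing` would make the intent explicit. A dialog-agnostic check for any open modal element would be more general.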


@@ -4,19 +4,18 @@
define(['jquery', 'bootstrap', 'toastr'], function($, bootstrap, toastr) {
return {
modal: function(url) {
if ($('#modal-header').length) {
return;
}
if (url) {
if (url.indexOf("#") === 0) {
$(url).modal("open");
} else {
$.get(url, function(data) {
$(data).modal().on("hidden", function() {
return $(data).modal().on("hidden", function() {
$(this).remove();
return true;
});
return $(data).proceed().on("hidden", function() {
alert("Go on so");
return true;
});
}).success(function() {
$("input:text:visible:first").focus();
return true;


@@ -6,7 +6,7 @@
Code provided under the BSD License:
*/
define(['jquery'], function ($) {
define(['jquery', 'vent'], function ($, vent) {
$(document).ready(function () {
if (window.location.hash == '#_=_') {
@@ -91,27 +91,38 @@ define(['jquery'], function ($) {
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
beforeSend: function (xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
},
statusCode: {
401: function () {
vent.trigger('app:login');
window.location.replace('/');
},
403: function () {
vent.trigger('app:denied');
window.location.replace('/');
}
}
});
if (com.podnoms.settings.isDebug) {
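Review bot: Both new `statusCode` handlers trigger a vent event and then immediately call `window.location.replace('/')`, so the page navigates away while the `app:login` handler is still fetching `/dlg/LoginView`, and the login modal is likely to be discarded before it is shown. Either drop the redirect in the 401 case or run it after the dialog closes, e.g. `401: function () { vent.trigger('app:login'); }`. No listener for `app:denied` appears in the visible sections, so the 403 path may do nothing but redirect. Separately, the re-indented CSRF block treats any URL not starting with `http:` or `https:` as local, which also covers protocol-relative `//host/...` URLs; testing jQuery's cross-domain flag, `if (!settings.crossDomain)`, is a stricter way to keep the token same-origin.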


@@ -4,6 +4,7 @@ define ['marionette', 'vent', 'models/mix/mixCollection', 'views/mix/mixItemView
template: _.template(Template)
className: "mix-listing audio-listing"
emptyView: Marionette.ItemView.extend(template: "#mix-empty-view")
itemView: MixItemView
itemViewContainer: "#mix-list-container-ul"


@@ -18,6 +18,10 @@
MixListView.prototype.className = "mix-listing audio-listing";
MixListView.prototype.emptyView = Marionette.ItemView.extend({
template: "#mix-empty-view"
});
MixListView.prototype.itemView = MixItemView;
MixListView.prototype.itemViewContainer = "#mix-list-container-ul";


@@ -1,6 +1,6 @@
{% load account %}
{% load socialaccount %}
<div class="modal-header">
<div class="modal-header" id="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h3>Login to Deep South Sounds</h3>
</div>


@@ -1 +1,2 @@
<ul id="mix-list-container-ul" class="mix-listing audio-listing"></ul>
<div id="#mix-empty-view">No items to display</div>
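Review bot: The new element's id is written as `id="#mix-empty-view"`, with the `#` inside the attribute value, so the selector `#mix-empty-view` that the list view passes as its `emptyView` template will not match it. The attribute should read `id="mix-empty-view"`. Marionette resolves a selector template by reading that element's markup, so it is also worth confirming the placeholder is meant to live inside the list template itself and not in a separate template element.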