# HG changeset patch # User Lennard de Rijk # Date 1247589873 -7200 # Node ID 7faecb7f27658e3d81ca7597fd8af23174329d45 # Parent c6d1c9ccef4a3ce05e5cb9f45c6131755d704ab3 Fixed issue where GradingSurveyRecords from another group could be edited. diff -r c6d1c9ccef4a -r 7faecb7f2765 app/soc/views/models/grading_survey_group.py --- a/app/soc/views/models/grading_survey_group.py Tue Jul 14 18:36:16 2009 +0200 +++ b/app/soc/views/models/grading_survey_group.py Tue Jul 14 18:44:33 2009 +0200 @@ -316,7 +316,6 @@ context['message'] = ('Updating StudentProjects successfully started. ' 'And sending out e-mail with the results.') - list_params = params.copy() list_params['logic'] = record_logic list_params['list_heading'] = params['records_heading_template'] @@ -389,6 +388,14 @@ return responses.errorResponse( error, request, template=params['error_public']) + survey_group_key_name = survey_group_logic.getKeyNameFromFields(kwargs) + record_survey_group_key_name = ( + record_entity.grading_survey_group.key().id_or_name()) + + if survey_group_key_name != record_survey_group_key_name: + # this record does not belong to the given GradingSurveyGroup show list + return self._showEditRecordList(request, params, page_name, **kwargs) + # get the context for this webpage context = responses.getUniversalContext(request) responses.useJavaScript(context, params['js_uses_all'])