Mercurial Mercurial > py_tasks_melange / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed issue where GradingSurveyRecords from another group could be edited.
authorLennard de Rijk <ljvderijk@gmail.com>
Tue, 14 Jul 2009 18:44:33 +0200
changeset 2649 7faecb7f2765
parent 2648 c6d1c9ccef4a
child 2650 6adbb87b91db
Fixed issue where GradingSurveyRecords from another group could be edited.
app/soc/views/models/grading_survey_group.py file | annotate | diff | comparison | revisions 
--- a/app/soc/views/models/grading_survey_group.py	Tue Jul 14 18:36:16 2009 +0200
+++ b/app/soc/views/models/grading_survey_group.py	Tue Jul 14 18:44:33 2009 +0200
@@ -316,7 +316,6 @@
       context['message'] = ('Updating StudentProjects successfully started. '
                            'And sending out e-mail with the results.')
 
-
     list_params = params.copy()
     list_params['logic'] = record_logic
     list_params['list_heading'] = params['records_heading_template']
@@ -389,6 +388,14 @@
       return responses.errorResponse(
           error, request, template=params['error_public'])
 
+    survey_group_key_name = survey_group_logic.getKeyNameFromFields(kwargs)
+    record_survey_group_key_name = (
+        record_entity.grading_survey_group.key().id_or_name())
+
+    if survey_group_key_name != record_survey_group_key_name:
+      # this record does not belong to the given GradingSurveyGroup show list
+      return self._showEditRecordList(request, params, page_name, **kwargs)
+
     # get the context for this webpage
     context = responses.getUniversalContext(request)
     responses.useJavaScript(context, params['js_uses_all'])
py_tasks_melange