From f6ed9b6b28f60145b17f19e8307b2212d637ddcd Mon Sep 17 00:00:00 2001
From: Nigel Babu <nigelbabu@gmail.com>
Date: Tue, 26 Mar 2013 09:10:12 +0530
Subject: [PATCH] [#283] Check context has user in related_update

* Check that the context has user key.
* Check that a user object exists corresponding to
  value of 'user' in context.
---
 ckan/logic/action/update.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ckan/logic/action/update.py b/ckan/logic/action/update.py
index f05d1dce551..2f0ab18ed1e 100644
--- a/ckan/logic/action/update.py
+++ b/ckan/logic/action/update.py
@@ -126,10 +126,18 @@ def related_update(context, data_dict):
     :rtype: dictionary
 
     '''
+    if not context.has_key('user'):
+        raise logic.NotAuthorized(
+                _("You must be logged in to update a related item."))
+
     model = context['model']
     user = context['user']
     id = _get_or_bust(data_dict, "id")
     userobj = model.User.get(user)
+    if not userobj:
+        raise logic.NotAuthorized(
+                _("You must be logged in to update a related item."))
+
     session = context['session']
 
     schema = context.get('schema') or ckan.logic.schema.default_related_schema()