
tighten permissions for mods

commit 90414dda49960abed192fda8517f1102b496aa94 1 parent bba30ae
Justine Tunney authored
Showing with 12 additions and 0 deletions.
  1. +12 −0 occupywallst/api.py
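--- a/occupywallst/api.py
+++ b/occupywallst/api.py
@@ -345,6 +345,9 @@ def article_edit(user, article_slug, title, content, **kwargs):
 except db.Article.DoesNotExist:
 raise APIException(_("article not found"))
 _check_modify_article(user, article)
+ if user != article.author:
+ if not user.is_superuser:
+ raise APIException(_("insufficient privileges"))
 article.title = title
 article.content = content
 _check_post(user, article)
@@ -372,6 +375,9 @@ def article_delete(user, article_slug, **kwargs):
 except db.Article.DoesNotExist:
 raise APIException(_("article not found"))
 _check_modify_article(user, article)
+ if user != article.author:
+ if not user.is_superuser:
+ raise APIException(_("insufficient privileges"))
 article.author = None
 article.title = "[DELETED]"
 article.content = "[DELETED]"
@@ -571,6 +577,9 @@ def comment_edit(user, comment_id, content, **kwargs):
 except db.Comment.DoesNotExist:
 raise APIException(_("comment not found"))
 _check_modify_comment(user, comment)
+ if user != comment.user:
+ if not user.is_superuser:
+ raise APIException(_("insufficient privileges"))
 comment.content = content
 _check_post(user, comment)
 comment.save()
@@ -615,6 +624,9 @@ def comment_delete(user, comment_id, **kwargs):
 except db.Comment.DoesNotExist:
 raise APIException(_("comment not found"))
 _check_modify_comment(user, comment)
+ if user != comment.user:
+ if not user.is_superuser:
+ raise APIException(_("insufficient privileges"))
 comment.article.comment_count -= 1
 comment.article.save()
 comment.delete()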
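Review bot: The owner-or-superuser rule is pasted inline into all four functions (article_edit, article_delete, comment_edit, comment_delete), directly after the existing `_check_modify_article` / `_check_modify_comment` call, so the authorization decision for one action now lives in two places. Any other or future call site that relies only on those helpers will not get the ownership check, which is how access-control gaps usually reappear. Moving the condition into the two helpers, or into one shared helper taking the owner as an argument, keeps the policy in one place; the nested test also reads more clearly as `if user != article.author and not user.is_superuser:` followed by the same raise. What the helpers already permit is not visible in these hunks, so it is worth confirming whether their moderator path is now unreachable for these endpoints and adding a test that a non-owner, non-superuser is rejected on each one. All four function bodies start and end outside the hunks shown.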