Checkin only requires login (no perms) and block users from editing other checkins at Django level

2026-01-21 07:22:14 +00:00 · 2023-05-18 13:34:32 +01:00
parent 013922bd90
commit b151e1fcf3
2 changed files with 10 additions and 4 deletions
--- a/RIGS/views/hs.py
+++ b/RIGS/views/hs.py
@@ -263,6 +263,12 @@ class EventCheckInEdit(generic.UpdateView, ModalURLMixin):
    template_name = 'hs/eventcheckin_form.html'
    form_class = forms.EditCheckInForm

+    def dispatch(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if not obj.person == self.request.user and not obj.event.mic == self.request.user:
+            return redirect(self.request.META.get('HTTP_REFERER', '/'))
+        return super().dispatch(request)
+
    def get_success_url(self):
        return self.get_close_url('event_detail', 'event_detail')  # Well, that's one way of doing that...!