9 年之前 · c6472645c5
--- a/jet/dashboard/forms.py
+++ b/jet/dashboard/forms.py
@@ -17,6 +17,9 @@ class UpdateDashboardModulesForm(forms.Form):
 
				     def clean(self):
			
 
				         data = super(UpdateDashboardModulesForm, self).clean()
			
 
				 
			
 
				+        if not self.request.user.is_authenticated():
			
 
				+            raise ValidationError('error')
			
 
				+
			
 
				         try:
			
 
				             modules = json.loads(data['modules'])
			
 
				 
			
@@ -65,6 +68,9 @@ class AddUserDashboardModuleForm(forms.ModelForm):
 
				     def clean(self):
			
 
				         data = super(AddUserDashboardModuleForm, self).clean()
			
 
				 
			
 
				+        if not self.request.user.is_authenticated():
			
 
				+            raise ValidationError('error')
			
 
				+
			
 
				         if 'app_label' in data:
			
 
				             index_dashboard_cls = get_current_dashboard('app_index' if data['app_label'] else 'index')
			
 
				             index_dashboard = index_dashboard_cls({'request': self.request}, app_label=data['app_label'])
			
@@ -104,7 +110,7 @@ class UpdateDashboardModuleCollapseForm(forms.ModelForm):
 
				     def clean(self):
			
 
				         data = super(UpdateDashboardModuleCollapseForm, self).clean()
			
 
				 
			
 
				-        if self.instance.user != self.request.user.pk:
			
 
				+        if not self.request.user.is_authenticated() or self.instance.user != self.request.user.pk:
			
 
				             raise ValidationError('error')
			
 
				 
			
 
				         return data
			
@@ -122,7 +128,7 @@ class RemoveDashboardModuleForm(forms.ModelForm):
 
				     def clean(self):
			
 
				         cleaned_data = super(RemoveDashboardModuleForm, self).clean()
			
 
				 
			
 
				-        if self.instance.user != self.request.user.pk:
			
 
				+        if not self.request.user.is_authenticated() or self.instance.user != self.request.user.pk:
			
 
				             raise ValidationError('error')
			
 
				 
			
 
				         return cleaned_data
			
--- a/jet/dashboard/views.py
+++ b/jet/dashboard/views.py
@@ -1,6 +1,7 @@
 
				 from django.contrib import messages
			
 
				 from django.core.urlresolvers import reverse
			
 
				 from django.forms.formsets import formset_factory
			
 
				+from django.http import HttpResponseRedirect
			
 
				 from django.views.decorators.http import require_POST, require_GET
			
 
				 from jet.dashboard.forms import UpdateDashboardModulesForm, AddUserDashboardModuleForm, \
			
 
				     UpdateDashboardModuleCollapseForm, RemoveDashboardModuleForm, ResetDashboardForm
			
@@ -18,6 +19,9 @@ class UpdateDashboardModuleView(SuccessMessageMixin, UpdateView):
 
				     object = None
			
 
				     module = None
			
 
				 
			
 
				+    def has_permission(self, request):
			
 
				+        return request.user.is_active and request.user.is_staff
			
 
				+
			
 
				     def get_success_url(self):
			
 
				         if self.object.app_label:
			
 
				             return reverse('admin:app_list', kwargs={'app_label': self.object.app_label})
			
@@ -92,6 +96,10 @@ class UpdateDashboardModuleView(SuccessMessageMixin, UpdateView):
 
				         return data
			
 
				 
			
 
				     def dispatch(self, request, *args, **kwargs):
			
 
				+        if not self.has_permission(request):
			
 
				+            index_path = reverse('admin:index')
			
 
				+            return HttpResponseRedirect(index_path)
			
 
				+
			
 
				         self.object = self.get_object()
			
 
				         self.module = self.get_module()(model=self.object)
			
 
				         return super(UpdateDashboardModuleView, self).dispatch(request, *args, **kwargs)
			
--- a/jet/forms.py
+++ b/jet/forms.py
@@ -67,6 +67,12 @@ class ToggleApplicationPinForm(forms.ModelForm):
 
				         model = PinnedApplication
			
 
				         fields = ['app_label']
			
 
				 
			
 
				+    def clean(self):
			
 
				+        data = super(ToggleApplicationPinForm, self).clean()
			
 
				+        if not self.request.user.is_authenticated():
			
 
				+            raise ValidationError('error')
			
 
				+        return data
			
 
				+
			
 
				     def save(self, commit=True):
			
 
				         if commit:
			
 
				             try:
			
@@ -93,9 +99,16 @@ class ModelLookupForm(forms.Form):
 
				     object_id = forms.IntegerField(required=False)
			
 
				     model_cls = None
			
 
				 
			
 
				+    def __init__(self, request, *args, **kwargs):
			
 
				+        self.request = request
			
 
				+        super(ModelLookupForm, self).__init__(*args, **kwargs)
			
 
				+
			
 
				     def clean(self):
			
 
				         data = super(ModelLookupForm, self).clean()
			
 
				 
			
 
				+        if not self.request.user.is_authenticated():
			
 
				+            raise ValidationError('error')
			
 
				+
			
 
				         try:
			
 
				             self.model_cls = get_model(data['app_label'], data['model'])
			
 
				         except:
			
--- a/jet/views.py
+++ b/jet/views.py
@@ -58,7 +58,7 @@ def toggle_application_pin_view(request):
 
				 def model_lookup_view(request):
			
 
				     result = {'error': False}
			
 
				 
			
 
				-    form = ModelLookupForm(request.GET)
			
 
				+    form = ModelLookupForm(request, request.GET)
			
 
				 
			
 
				     if form.is_valid():
			
 
				         items, total = form.lookup()