Skip to content

Commit fe0d35a

Browse files
committed
Add FIXME about POST, remove some unnecessary is_authenticated calls
from liaisons - Legacy-Id: 10332
1 parent 5a6e68e commit fe0d35a

1 file changed

Lines changed: 5 additions & 4 deletions

File tree

ietf/liaisons/views.py

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -334,9 +334,10 @@ def liaison_history(request, object_id):
334334
def liaison_delete_attachment(request, object_id, attach_id):
335335
liaison = get_object_or_404(LiaisonStatement, pk=object_id)
336336
attach = get_object_or_404(LiaisonStatementAttachment, pk=attach_id)
337-
if not ( request.user.is_authenticated() and can_edit_liaison(request.user, liaison) ):
337+
if not can_edit_liaison(request.user, liaison):
338338
return HttpResponseForbidden("You are not authorized for this action")
339339

340+
# FIXME: this view should use POST instead of GET when deleting
340341
attach.removed = True
341342
attach.save()
342343

@@ -352,7 +353,7 @@ def liaison_delete_attachment(request, object_id, attach_id):
352353

353354
def liaison_detail(request, object_id):
354355
liaison = get_object_or_404(LiaisonStatement, pk=object_id)
355-
can_edit = request.user.is_authenticated() and can_edit_liaison(request.user, liaison)
356+
can_edit = can_edit_liaison(request.user, liaison)
356357
can_take_care = _can_take_care(liaison, request.user)
357358
can_reply = _can_reply(liaison, request.user)
358359
person = get_person_for_user(request.user)
@@ -391,15 +392,15 @@ def liaison_detail(request, object_id):
391392

392393
def liaison_edit(request, object_id):
393394
liaison = get_object_or_404(LiaisonStatement, pk=object_id)
394-
if not (request.user.is_authenticated() and can_edit_liaison(request.user, liaison)):
395+
if not can_edit_liaison(request.user, liaison):
395396
return HttpResponseForbidden('You do not have permission to edit this liaison statement')
396397
return liaison_add(request, instance=liaison)
397398

398399
def liaison_edit_attachment(request, object_id, doc_id):
399400
'''Edit the Liaison Statement attachment title'''
400401
liaison = get_object_or_404(LiaisonStatement, pk=object_id)
401402
doc = get_object_or_404(Document, pk=doc_id)
402-
if not ( request.user.is_authenticated() and can_edit_liaison(request.user, liaison) ):
403+
if not can_edit_liaison(request.user, liaison):
403404
return HttpResponseForbidden("You are not authorized for this action")
404405

405406
if request.method == 'POST':

0 commit comments

Comments
 (0)