From 3fd573c0da5a9eaadd5b5198f159e5474b6c408f Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Mon, 19 Sep 2022 10:16:38 -0700
Subject: [PATCH] Check perms on site model form
---
 bookwyrm/models/site.py | 8 ++++++++
 bookwyrm/views/admin/site.py | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/bookwyrm/models/site.py b/bookwyrm/models/site.py
index 7730391f1..4d891e721 100644
--- a/bookwyrm/models/site.py
+++ b/bookwyrm/models/site.py
@@ -3,6 +3,7 @@ import datetime
 from urllib.parse import urljoin
 import uuid
+from django.core.exceptions import PermissionDenied
 from django.db import models, IntegrityError
 from django.dispatch import receiver
 from django.utils import timezone
@@ -114,6 +115,13 @@ class SiteSettings(models.Model):
 self.invite_question_text = "What is your favourite book?"
 super().save(*args, **kwargs)
+ # pylint: disable=no-self-use
+ def raise_not_editable(self, viewer):
+ """Check if the user has the right permissions"""
+ if viewer.has_perm("bookwyrm.edit_instance_settings"):
+ return
+ raise PermissionDenied()
+
 class Theme(models.Model):
 """Theme files"""
diff --git a/bookwyrm/views/admin/site.py b/bookwyrm/views/admin/site.py
index f345d9970..df3b12aa0 100644
--- a/bookwyrm/views/admin/site.py
+++ b/bookwyrm/views/admin/site.py
@@ -29,7 +29,7 @@ class Site(View):
 if not form.is_valid():
 data = {"site_form": form}
 return TemplateResponse(request, "settings/site.html", data)
- site = form.save()
+ site = form.save(request)
 data = {"site_form": forms.SiteForm(instance=site), "success": True}
 return TemplateResponse(request, "settings/site.html", data)
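Review bot: The docstring on `raise_not_editable` in the bookwyrm/models/site.py hunk says it checks permissions but not that it raises, and the method only guards callers that invoke it; the `super().save(*args, **kwargs)` path visible just above it in the same hunk still writes without any check. I would word the docstring as `"""Raise PermissionDenied unless viewer has bookwyrm.edit_instance_settings"""` so the contract is clear to code that reaches the model outside the form path. The diffstat lists only the model and the view, so a regression test asserting that a user without that permission gets `PermissionDenied` when saving site settings would be worth adding. The `SiteSettings` class starts and ends outside this hunk.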
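Review bot: `form.save(request)` in the bookwyrm/views/admin/site.py hunk enforces nothing by itself: the check only runs if `SiteForm.save` accepts the request and calls `raise_not_editable(request.user)` on the instance, and that form code is not part of this patch. On a stock Django `ModelForm` the first positional parameter of `save` is `commit`, so a request object passed there would be read as a truthy `commit` and the settings would be written with no permission check at all. It is worth confirming that `forms.SiteForm` derives from the project's request-aware form base, and covering it with a view test that posts as a user lacking `bookwyrm.edit_instance_settings`. The enclosing method starts outside the hunk.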