forked from mirrors/bookwyrm
Change url for edit_profile_page.
Fixes inaccessible edit form. /user/edit/ resolved to a user called edit first. Also prevents a user accessing another user's edit form.
This commit is contained in:
parent
8618f20893
commit
c038888f63
3 changed files with 4 additions and 8 deletions
|
@ -16,7 +16,7 @@
|
||||||
|
|
||||||
{% if is_self %}
|
{% if is_self %}
|
||||||
<div class="interaction">
|
<div class="interaction">
|
||||||
<a href="/user/edit">Edit profile</a>
|
<a href="/edit_profile_page/">Edit profile</a>
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -41,8 +41,7 @@ urlpatterns = [
|
||||||
re_path(r'^logout/?$', views.user_logout),
|
re_path(r'^logout/?$', views.user_logout),
|
||||||
re_path(r'^notifications/?', views.notifications_page),
|
re_path(r'^notifications/?', views.notifications_page),
|
||||||
re_path(r'%s/?$' % user_path, views.user_page),
|
re_path(r'%s/?$' % user_path, views.user_page),
|
||||||
re_path(r'%s/edit/?$' % user_path, views.edit_profile_page),
|
re_path(r'edit_profile_page/?$', views.edit_profile_page),
|
||||||
re_path(r'^user/edit/?$', views.edit_profile_page),
|
|
||||||
re_path(r'%s/?$' % status_path, views.status_page),
|
re_path(r'%s/?$' % status_path, views.status_page),
|
||||||
re_path(r'^book/(?P<book_identifier>\w+)/?$', views.book_page),
|
re_path(r'^book/(?P<book_identifier>\w+)/?$', views.book_page),
|
||||||
re_path(r'^book/(?P<book_identifier>\w+)/(?P<tab>friends|local|federated)?$', views.book_page),
|
re_path(r'^book/(?P<book_identifier>\w+)/(?P<tab>friends|local|federated)?$', views.book_page),
|
||||||
|
|
|
@ -204,12 +204,9 @@ def status_page(request, username, status_id):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def edit_profile_page(request, username):
|
def edit_profile_page(request):
|
||||||
''' profile page for a user '''
|
''' profile page for a user '''
|
||||||
try:
|
user = request.user
|
||||||
user = models.User.objects.get(localname=username)
|
|
||||||
except models.User.DoesNotExist:
|
|
||||||
return HttpResponseNotFound()
|
|
||||||
|
|
||||||
form = forms.EditUserForm(instance=request.user)
|
form = forms.EditUserForm(instance=request.user)
|
||||||
data = {
|
data = {
|
||||||
|
|
Loading…
Reference in a new issue