From 42b355ec17f669b59d05e97badb751263a1ad5f3 Mon Sep 17 00:00:00 2001 From: m5ka Date: Mon, 25 Mar 2024 22:14:10 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=93=98=20stop=20users=20from=20att?= =?UTF-8?q?aching=20other=20users'=20recipes=20to=20their=20posts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- moku/views/post.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/moku/views/post.py b/moku/views/post.py index 7633dff..5f0534f 100644 --- a/moku/views/post.py +++ b/moku/views/post.py @@ -5,9 +5,10 @@ from django.utils.translation import gettext as _ from django.views.generic import FormView from moku.constants import EMOJI_CATEGORIES, Verbs +from moku.forms.post import PostForm from moku.images import process_post_image from moku.models.post import Post -from moku.forms.post import PostForm +from moku.models.recipe import Recipe class FeedView(FormView): @@ -17,6 +18,9 @@ class FeedView(FormView): def form_valid(self, form): if not self.request.user.is_authenticated: raise PermissionDenied + if form.instance.recipe and form.instance.recipe.created_by.id != self.request.user.id: + messages.error(self.request, _("you can't add someone else's recipe to your post!")) + return redirect("feed") form.instance.created_by = self.request.user if "image" in form.changed_data and form.instance.image is not None: form.instance.image = process_post_image(form.instance.image) @@ -42,3 +46,8 @@ class FeedView(FormView): for verb in Verbs.CHOICES ) } + + def get_form(self, form_class=None): + form = super().get_form(form_class) + form.fields["recipe"].queryset = Recipe.objects.filter(created_by=self.request.user) + return form