refuse to customize a read-only use

commit: 60fd8cd113fd638eb207067048d662168ec6a61b [log] [tgz]
author: Scott Baker <smbaker@gmail.com> Wed May 21 18:02:44 2014 -0700
committer: Scott Baker <smbaker@gmail.com> Wed May 21 18:02:44 2014 -0700
tree: e0d48ed61118c6ccc79ea4e92ba6abbc67efe5c3
parent: e34e67d4e561f041f6a9087d1330d73e19a02fd7 [diff]
diff --git a/planetstack/core/plus/views.py b/planetstack/core/plus/views.py
index 9b26e51..4dcca79 100644
--- a/planetstack/core/plus/views.py
+++ b/planetstack/core/plus/views.py

@@ -13,7 +13,7 @@
 from operator import attrgetter
 from django import template
 from django.views.decorators.csrf import csrf_exempt
-from django.http import HttpResponse, HttpResponseServerError
+from django.http import HttpResponse, HttpResponseServerError, HttpResponseForbidden
 from django.core import urlresolvers
 from django.contrib.gis.geoip import GeoIP
 from ipware.ip import get_ip
@@ -729,6 +729,9 @@
 
 class DashboardCustomize(View):
     def post(self, request, *args, **kwargs):

+        if request.user.isReadOnlyUser():

+            return HttpResponseForbidden("User is in read-only mode")

+

         dashboards = request.POST.get("dashboards", None)

         if not dashboards:

             dashboards=[]

@@ -742,5 +745,5 @@
             udbv = UserDashboardView(user=request.user, dashboardView=dashboard, order=i)

             udbv.save()

 

-        return HttpResponse("updated")

+        return HttpResponse(json.dumps("Success"), mimetype='application/javascript')
commit	60fd8cd113fd638eb207067048d662168ec6a61b	[log] [tgz]
author	Scott Baker <smbaker@gmail.com>	Wed May 21 18:02:44 2014 -0700
committer	Scott Baker <smbaker@gmail.com>	Wed May 21 18:02:44 2014 -0700
tree	e0d48ed61118c6ccc79ea4e92ba6abbc67efe5c3
parent	e34e67d4e561f041f6a9087d1330d73e19a02fd7 [diff]