raise PermissionDenied if someone tries to save an object without can_update rights

commit: e5f41b0ada6f519a07e3d34e82c569c6027aa8ae [log] [tgz]
author: Scott Baker <smbaker@gmail.com> Thu Oct 02 22:50:18 2014 -0700
committer: Scott Baker <smbaker@gmail.com> Thu Oct 02 22:50:18 2014 -0700
tree: 410f07be14bacf21cb9fc93b15f42b1b111a528c
parent: 2ba348503e956666b076f1aa4de94cdefa9e4d9c [diff]
diff --git a/planetstack/core/models/plcorebase.py b/planetstack/core/models/plcorebase.py
index 8d657a7..b9692c6 100644
--- a/planetstack/core/models/plcorebase.py
+++ b/planetstack/core/models/plcorebase.py

@@ -5,6 +5,7 @@
 from django.core.urlresolvers import reverse
 from django.forms.models import model_to_dict
 from django.utils import timezone
+from django.core.exceptions import PermissionDenied
 import model_policy
 
 try:
@@ -128,12 +129,14 @@
         self.__initial = self._dict
 
     def save_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.save(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+        self.save(*args, **kwds)
 
     def delete_by_user(self, user, *args, **kwds):
-        if self.can_update(user):
-            self.delete(*args, **kwds)
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+        self.delete(*args, **kwds)
 
     @property
     def _dict(self):
commit	e5f41b0ada6f519a07e3d34e82c569c6027aa8ae	[log] [tgz]
author	Scott Baker <smbaker@gmail.com>	Thu Oct 02 22:50:18 2014 -0700
committer	Scott Baker <smbaker@gmail.com>	Thu Oct 02 22:50:18 2014 -0700
tree	410f07be14bacf21cb9fc93b15f42b1b111a528c
parent	2ba348503e956666b076f1aa4de94cdefa9e4d9c [diff]