Commit 7e190174 authored by Jack Ketcham

Set current user as update object, require login

* Instead of setting the `model` property on the UpdateView class, adds
a get_object method which returns the current user. This prevents any
user from editing another user's data.
* Adds the LoginRequiredMixin to the ProfileConfigureView to limit
access to authenticated users.
parent c038eac5
...@@ -10,6 +10,7 @@ from password_reset.views import Recover ...@@ -10,6 +10,7 @@ from password_reset.views import Recover
from .serializers import UserSerializer from .serializers import UserSerializer
from .forms import PasswordRecoveryForm, PasswordChangeForm, \ from .forms import PasswordRecoveryForm, PasswordChangeForm, \
ProfileConfigureForm ProfileConfigureForm
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.views import PasswordChangeView \ from django.contrib.auth.views import PasswordChangeView \
as BasePasswordChangeView as BasePasswordChangeView
from django.contrib.auth.views import PasswordChangeDoneView \ from django.contrib.auth.views import PasswordChangeDoneView \
...@@ -67,13 +68,13 @@ class PasswordChange(BasePasswordChangeView): ...@@ -67,13 +68,13 @@ class PasswordChange(BasePasswordChangeView):
return context return context
class ProfileConfigureView(UpdateView): class ProfileConfigureView(LoginRequiredMixin, UpdateView):
template_name = 'purist/profile_configure.html' template_name = 'purist/profile_configure.html'
form_class = ProfileConfigureForm form_class = ProfileConfigureForm
success_url = reverse_lazy('profile') success_url = reverse_lazy('profile')
model = User
slug_field = 'username' def get_object(self, queryset=None):
slug_url_kwarg = 'username' return self.request.user
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(ProfileConfigureView, self).get_context_data(**kwargs) context = super(ProfileConfigureView, self).get_context_data(**kwargs)
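Review bot: `get_object` in `ProfileConfigureView` now ignores both its `queryset` argument and any `username` captured by the URL, and nothing in the new code records that this is the access-control decision. I would add a docstring such as `"""Always edit the logged-in user; never resolve the object from URL kwargs, so one account cannot edit another."""` so that a later refactor does not reintroduce `model`/`slug_field`. The URLconf is not shown in this commit; if the route still captures `username`, it should be dropped so the URL no longer suggests that other profiles are addressable. A regression test that logs in as one user, posts to this view under a different username, and asserts the second account is unchanged would pin the fix, along with one asserting that an anonymous request is redirected to login. The class body continues past the end of the hunk.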