fix a few major permission holes

This commit is contained in:
Ross
2023-12-04 12:19:52 +00:00
parent f346a69bb5
commit 976f57ac20
14 changed files with 77 additions and 36 deletions
+4
View File
@@ -212,8 +212,12 @@ def rapid_clone(request, pk):
new_item.pk = None # autogen a new pk (item_id)
# new_item.name = "Copy of " + new_item.name #need to change uniques
if request.user not in new_item.get_author_objects() and not request.user.is_superuser:
raise PermissionDenied() # or Http404
form = RapidForm(request.POST or None, instance=new_item)
image_formset = ImageFormSet()
answer_formset = AnswerFormSet()