Mercurial > agora-palash
changeset 79:96ad476f52df
Tailor editprofile view to work only for the logged-in user
It makes more sense than first identifying the user and checking that the
user is the same as the logged-in user. Now there's no need to pass the
authenticated user's username to the {% url %} tag.
author | dellsystem <ilostwaldo@gmail.com> |
---|---|
date | Fri, 24 Aug 2012 16:37:22 -0400 |
parents | d416b8198889 |
children | eaa36eaaf74a |
files | apps/profile/views.py |
diffstat | 1 files changed, 2 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/apps/profile/views.py Fri Aug 24 16:32:17 2012 -0400 +++ b/apps/profile/views.py Fri Aug 24 16:37:22 2012 -0400 @@ -50,12 +50,8 @@ ) @login_required -def editprofile(request, user): - [u,p] = getprofile(user) - - #Make sure user can only edit own profile - if request.user != u: - raise Http403 +def editprofile(request): + [u,p] = getprofile(request.user) if request.method=='POST': u.first_name = request.POST['first-name']