From: Jacob Hilker <hilker.j@gmail.com>
Date: Tue, 11 Feb 2014 14:36:12 +0000 (-0500)
Subject: require login for edit endpoint
X-Git-Tag: release-20150131~148^2~15^2
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4f0687fc1fe1bc51b09088e57d605fd4d29c913d;p=oweals%2Fkarmaworld.git

require login for edit endpoint
---

diff --git a/karmaworld/apps/notes/views.py b/karmaworld/apps/notes/views.py
index f6385c3..30633c4 100644
--- a/karmaworld/apps/notes/views.py
+++ b/karmaworld/apps/notes/views.py
@@ -285,10 +285,8 @@ def edit_note_tags(request, pk):
     """
     Saves the posted string of tags
     """
-    if request.method == "POST" and request.is_ajax():
+    if request.method == "POST" and request.is_ajax() and request.user.is_authenticated() and request.user.get_profile().can_edit_items():
         note = Note.objects.get(pk=pk)
-
-        # note.tags.set(*json.loads(request.body))
         note.tags.set(request.body)
 
         note_json = serializers.serialize('json', [note,])
diff --git a/karmaworld/assets/js/note-detail.js b/karmaworld/assets/js/note-detail.js
index d81dc79..1392c77 100644
--- a/karmaworld/assets/js/note-detail.js
+++ b/karmaworld/assets/js/note-detail.js
@@ -159,7 +159,6 @@ $(function() {
       url: edit_note_tags_url,
       dataType: 'json',
       data: $('#note_tags_input').val(),
-      // data: JSON.stringify(['test','tags']),//$('#edit-course-form').children().serialize(),
       type: 'POST',
       success: function(data) {
         $('#note_tags_form').slideUp();