From 4f0687fc1fe1bc51b09088e57d605fd4d29c913d Mon Sep 17 00:00:00 2001
From: Jacob Hilker <hilker.j@gmail.com>
Date: Tue, 11 Feb 2014 09:36:12 -0500
Subject: [PATCH] require login for edit endpoint

---
 karmaworld/apps/notes/views.py      | 4 +---
 karmaworld/assets/js/note-detail.js | 1 -
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/karmaworld/apps/notes/views.py b/karmaworld/apps/notes/views.py
index f6385c3..30633c4 100644
--- a/karmaworld/apps/notes/views.py
+++ b/karmaworld/apps/notes/views.py
@@ -285,10 +285,8 @@ def edit_note_tags(request, pk):
     """
     Saves the posted string of tags
     """
-    if request.method == "POST" and request.is_ajax():
+    if request.method == "POST" and request.is_ajax() and request.user.is_authenticated() and request.user.get_profile().can_edit_items():
         note = Note.objects.get(pk=pk)
-
-        # note.tags.set(*json.loads(request.body))
         note.tags.set(request.body)
 
         note_json = serializers.serialize('json', [note,])
diff --git a/karmaworld/assets/js/note-detail.js b/karmaworld/assets/js/note-detail.js
index d81dc79..1392c77 100644
--- a/karmaworld/assets/js/note-detail.js
+++ b/karmaworld/assets/js/note-detail.js
@@ -159,7 +159,6 @@ $(function() {
       url: edit_note_tags_url,
       dataType: 'json',
       data: $('#note_tags_input').val(),
-      // data: JSON.stringify(['test','tags']),//$('#edit-course-form').children().serialize(),
       type: 'POST',
       success: function(data) {
         $('#note_tags_form').slideUp();
-- 
2.25.1