[FIX] Bug fixes (#617)

* Fix #600

* Fix #602

* Fixes & improvements to the new CSS (#616)

* Fix #604

* should fix #605

* Fix #608

* Update core/views/site.py

Co-Authored-By: thomas girod <56346771+imperosol@users.noreply.github.com>

* Added back the permission denied

* Should fix #609

* Fix failing test when 2 users are merged

* Should fix #610

* Should fix #627

* Should fix #109

Blocks the following URLs when the file is in the `profiles` or `SAS` directory:
- `/file/<id>/`
- `/file/<id>/[delete|prop|edit]`

> The SAS URLs remain accessible to roots & SAS admins
> The profiles URLs are accessible only to roots

* Fix root dir of SAS being inaccessible for sas admins

⚠️ need to edit the SAS directory & save it (no changes required in sas directory properties)

* Remove overwritten code

* Should fix duplicated albums in user profile (wtf)

* Fix typo

* Extended profiles picture access to board members

* Should fix #607

* Fix keyboard navigation not working properly

* Fix user tagged pictures section inside python rather than in the template

* Update utils.py

* Apply suggested changes

* Fix #604

* Fix #608

* Added back the permission denied

* Should fix duplicated albums in user profile (wtf)

* Fix user tagged pictures section inside python rather than in the template

* Apply suggested changes

---------

Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com>
Julien Constant
2023-05-02 13:07:36 +02:00
committed by GitHub
parent ef968f3673
commit b30ee0a27a
17 changed files with 189 additions and 35 deletions


@ -14,8 +14,8 @@
<hr>
<h4>{% trans %}Add user{% endtrans %}</h4>
<form action="" method="post">
{% csrf_token %}
{{ form.as_p() }}
{% csrf_token %}
{{ form.as_p() }}
<input type="submit" value="{% trans %}Add{% endtrans %}" />
</form>
<hr>
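Review bot: the `{% csrf_token %}` and `{{ form.as_p() }}` lines appear twice with identical text, so this hunk changes indentation only. Whitespace-only reformatting is easier to review and to revert when it lands in its own commit rather than inside a bug-fix commit that also changes permission checks.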


@ -38,18 +38,18 @@
</div>
<div>{{ u.user.get_display_name() }}</div>
{% if trombi.show_profiles %}
<div>
<a href="{{ url("trombi:user_profile", user_id=u.id) }}">{% trans %}Profile{% endtrans %}</a>
</div>
<div>
<a href="{{ url('trombi:user_profile', user_id=u.id) }}">{% trans %}Profile{% endtrans %}</a>
</div>
{% endif %}
<div>
{% if can_comment %}
{% set comment = u.received_comments.filter(author__id=user.trombi_user.id).first() %}
{% if comment %}
<a href="{{ url("trombi:edit_comment", comment_id=comment.id) }}">{% trans %}Edit comment{% endtrans %}</a>
{% else %}
<a href="{{ url("trombi:new_comment", user_id=u.id) }}">{% trans %}Comment{% endtrans %}</a>
{% endif %}
{% set comment = u.received_comments.filter(author__id=user.trombi_user.id).first() %}
{% if comment %}
<a href="{{ url('trombi:edit_comment', comment_id=comment.id) }}">{% trans %}Edit comment{% endtrans %}</a>
{% else %}
<a href="{{ url('trombi:new_comment', user_id=u.id) }}">{% trans %}Comment{% endtrans %}</a>
{% endif %}
{% endif %}
</div>
</div>
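Review bot: on the `{% set comment = u.received_comments.filter(author__id=user.trombi_user.id).first() %}` line, the template runs a queryset lookup for every rendered `u` and dereferences `user.trombi_user` with only `can_comment` guarding it. Consider computing the existing comment per user in the view and passing it in the context, so the lookup and the check that the viewer has a `trombi_user` live in Python. The quote change in the `href` attributes (single quotes inside `url(...)`) is mixed with re-indentation here, which makes the functional part of the hunk harder to see.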


@ -462,6 +462,10 @@ class UserTrombiProfileView(TrombiTabsMixin, DetailView):
def get(self, request, *args, **kwargs):
self.object = self.get_object()
if request.user.is_anonymous:
raise PermissionDenied()
if (
self.object.trombi.id != request.user.trombi_user.trombi.id
or self.object.user.id == request.user.id
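Review bot: in `UserTrombiProfileView.get`, the `request.user.is_anonymous` guard covers only anonymous visitors, while the condition right after it still dereferences `request.user.trombi_user.trombi.id` unconditionally. If a logged-in account can exist without a `trombi_user`, that access would raise an exception instead of returning the intended `PermissionDenied`; folding a check for the relation into the same guard would make the denial path uniform. A test that requests this view as an anonymous user and asserts the 403 would document the behaviour the commit message describes as "Added back the permission denied".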