
Check request type before hitting DB.

Rafał Pitoń 10 лет назад
Родитель
Сommit
0ccc073d55
2 измененных файлов с 7 добавлено и 7 удалено
  1. 3 3
      misago/threads/views/generic/gotopostslist.py
  2. 4 4
      misago/threads/views/privatethreads.py

+ 3 - 3
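--- a/misago/threads/views/generic/gotopostslist.py
+++ b/misago/threads/views/generic/gotopostslist.py
@@ -21,6 +21,9 @@ class ModeratedPostsListView(ViewBase):
         return queryset.filter(is_moderated=True)
 
     def dispatch(self, request, *args, **kwargs):
+        if not request.is_ajax():
+            return not_allowed(request)
+
         relations = ['forum']
         thread = self.fetch_thread(request, select_related=relations, **kwargs)
         forum = thread.forum
@@ -30,9 +33,6 @@ class ModeratedPostsListView(ViewBase):
 
         self.allow_action(thread)
 
-        if not request.is_ajax():
-            return not_allowed(request)
-
         posts_qs = self.exclude_invisible_posts(
             thread.post_set, request.user, forum, thread)
         posts_qs = self.filter_posts_queryset(posts_qs)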
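Review bot: The guard now sitting at the top of `dispatch` reads like an access check but is not one. In Django, `request.is_ajax()` only tests the client-supplied `X-Requested-With` header, so any client can satisfy it. Authorization presumably still rests on `fetch_thread` and `self.allow_action(thread)` further down. I would say so at the guard, e.g. `# Cheap request-shape filter to skip DB work; not a permission check (the header is client-controlled).` The same comment fits the two `dispatch` methods reordered in misago/threads/views/privatethreads.py. The body of `dispatch` continues outside both hunks, so what runs between `forum = thread.forum` and `self.allow_action(thread)` is not visible here.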

+ 4 - 4
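--- a/misago/threads/views/privatethreads.py
+++ b/misago/threads/views/privatethreads.py
@@ -245,11 +245,11 @@ class ThreadParticipantsView(PrivateThreadsMixin, generic.ViewBase):
     template = 'misago/privatethreads/participants.html'
 
     def dispatch(self, request, *args, **kwargs):
-        thread = self.get_thread(request, **kwargs)
-
         if not request.is_ajax():
             return not_allowed(request)
 
+        thread = self.get_thread(request, **kwargs)
+
         participants_qs = thread.threadparticipant_set
         participants_qs = participants_qs.select_related('user', 'user__rank')
 
@@ -269,14 +269,14 @@ class EditThreadParticipantsView(ThreadParticipantsView):
 class BaseEditThreadParticipantView(PrivateThreadsMixin, generic.ViewBase):
     @atomic
     def dispatch(self, request, *args, **kwargs):
-        thread = self.get_thread(request, lock=True, **kwargs)
-
         if not request.is_ajax():
             return not_allowed(request)
 
         if not request.method == "POST":
             raise AjaxError(_("Wrong action received."))
 
+        thread = self.get_thread(request, lock=True, **kwargs)
+
         if not thread.participant or not thread.participant.is_owner:
             raise AjaxError(_("Only thread owner can add or "
                               "remove participants from thread."))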
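Review bot: In `BaseEditThreadParticipantView.dispatch` the order of the checks now matters for locking, and nothing in the code says so. `get_thread(request, lock=True, **kwargs)` runs under `@atomic` and presumably takes a row lock on the thread; with the fetch placed after the AJAX and method checks, rejected requests no longer reach it. A later edit could hoist the fetch back up without noticing, so I would add `# Validate request shape first so rejected requests never take the thread lock.` above the `is_ajax()` test. The ownership test on `thread.participant.is_owner` correctly stays after the fetch, and it, not the header or method check, is what authorizes the change. As a style point, `if not request.method == "POST":` reads more directly as `if request.method != "POST":`.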