add login_required decorator and fix issue when annotation_ids are not unique https...

diff --git a/models.py b/models.py
index 53be2b370bbd4080ee961ca3d491140257530e20..ab930593f67d0498919830debd8af10849425879 100644 (file)
--- a/models.py
+++ b/models.py
@@ -1,4 +1,5 @@
 from django.db import models
+from django.core.exceptions import MultipleObjectsReturned
 
 
 class Annotation(models.Model):
@@ -30,4 +31,7 @@ class AnnotationComment(models.Model):
 
        @property
        def annotation(self):
-               return Annotation.objects.get(uuid=self.uuid, annotation_id=self.annotation_id)
\ No newline at end of file
+               try:
+                       return Annotation.objects.get(uuid=self.uuid, annotation_id=self.annotation_id)
+               except MultipleObjectsReturned:
+                       return Annotation.objects.filter(uuid=self.uuid, annotation_id=self.annotation_id)[0]
\ No newline at end of file

diff --git a/views.py b/views.py
index fd0f11ccb68fff6b1dbf3edabc8927e2151b5ff5..491492fed4949ce11524b35ca27f6ad1092b4757 100644 (file)
--- a/views.py
+++ b/views.py
@@ -5,6 +5,7 @@ from django.http import HttpResponse
 from pdfannotator.models import Annotation, AnnotationComment
 from itertools import groupby
 import json
+from django.contrib.auth.decorators import login_required
 from django.core.exceptions import PermissionDenied
 
 
@@ -35,6 +36,7 @@ def is_readonly(request):
        return readonly
 
 
+@login_required
 def update_annotation(request):
        """
        """
@@ -53,7 +55,7 @@ def update_annotation(request):
        annot.save()
        return HttpResponse(json.dumps({'status':'ok'}), content_type="application/json")
 
-
+@login_required
 def get_annotations(request):
 
        uuid = request.GET.get('fileUuid')
@@ -68,13 +70,14 @@ def get_annotations(request):
                        result[key].append(annot)
        return HttpResponse(json.dumps(result), content_type="application/json")
 
+@login_required
 def get_annotation(request):
        uuid = request.GET.get('fileUuid')
        annotation_id = request.GET.get('annotationId')
        annotation = Annotation.objects.get(annotation_id=annotation_id, uuid=uuid)
        return HttpResponse(json.dumps(json.loads(annotation.content)), content_type="application/json")
 
-
+@login_required
 def add_annotation(request):
        """
        """
@@ -94,7 +97,7 @@ def add_annotation(request):
                content=json.dumps(annotation)).save()
        return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
-
+@login_required
 def delete_annotation(request):
        if is_readonly(request):
                raise PermissionDenied
@@ -107,7 +110,7 @@ def delete_annotation(request):
        comments.delete()
        return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
-
+@login_required
 def add_comment(request):
        if is_readonly(request):
                raise PermissionDenied
@@ -126,6 +129,7 @@ def add_comment(request):
        }
        return HttpResponse(json.dumps(commentData), content_type="application/json")
 
+@login_required
 def delete_comment(request):
        if is_readonly(request):
                raise PermissionDenied
@@ -137,6 +141,7 @@ def delete_comment(request):
        annot.delete()
        return HttpResponse(json.dumps({'status': 'ok'}), content_type="application/json")
 
+@login_required
 def get_comments(request):
        uuid = request.GET.get('fileUuid')
        # import pdb;pdb.set_trace()