Skip to content

Commit bcdc976

Browse files
OzzieIsaacsOzzieIsaacs
committed
Added missing check for creating public shelfs
1 parent 6aad937 commit bcdc976

File tree

1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

cps/shelf.py

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -224,8 +224,13 @@ def remove_from_shelf(shelf_id, book_id):
224224
@shelf.route("/shelf/create", methods=["GET", "POST"])
225225
@login_required
226226
def create_shelf():
227-
shelf = ub.Shelf()
228-
return create_edit_shelf(shelf, page_title=_(u"Create a Shelf"), page="shelfcreate")
227+
if not current_user.role_edit_shelfs() and request.method == 'POST':
228+
flash(_(u"Sorry you are not allowed to create a public shelf"), category="error")
229+
return redirect(url_for('web.index'))
230+
else:
231+
shelf = ub.Shelf()
232+
return create_edit_shelf(shelf, page_title=_(u"Create a Shelf"), page="shelfcreate")
233+
229234

230235

231236
@shelf.route("/shelf/edit/<int:shelf_id>", methods=["GET", "POST"])

0 commit comments

Comments
 (0)