- if request.method == 'POST' and request.POST.get('form') == 'bundle':
- action = request.POST.get('action', '').lower()
- if action == 'delete':
- bundle.delete()
- return HttpResponseRedirect(
- django.core.urlresolvers.reverse(
- 'patchwork.views.user.profile')
- )
- elif action == 'update':
- form = BundleForm(request.POST, instance = bundle)
- if form.is_valid():
- form.save()
+ is_owner = request.user == bundle.owner
+
+ if not (is_owner or bundle.public):
+ return HttpResponseNotFound()
+
+ if is_owner:
+ if request.method == 'POST' and request.POST.get('form') == 'bundle':
+ action = request.POST.get('action', '').lower()
+ if action == 'delete':
+ bundle.delete()
+ return HttpResponseRedirect(
+ django.core.urlresolvers.reverse(
+ 'patchwork.views.user.profile')
+ )
+ elif action == 'update':
+ form = BundleForm(request.POST, instance = bundle)
+ if form.is_valid():
+ form.save()
+
+ # if we've changed the bundle name, redirect to new URL
+ bundle = Bundle.objects.get(pk = bundle.pk)
+ if bundle.name != bundlename:
+ return HttpResponseRedirect(bundle.get_absolute_url())
+
+ else:
+ form = BundleForm(instance = bundle)
+ else:
+ form = BundleForm(instance = bundle)
+
+ if request.method == 'POST' and \
+ request.POST.get('form') == 'reorderform':
+ order = get_object_or_404(BundlePatch, bundle = bundle,
+ patch__id = request.POST.get('order_start')).order
+
+ for patch_id in request.POST.getlist('neworder'):
+ bundlepatch = get_object_or_404(BundlePatch,
+ bundle = bundle, patch__id = patch_id)
+ bundlepatch.order = order
+ bundlepatch.save()
+ order += 1