entity = get_object_or_404(Trabalho, pk=tid)
form = TalkForm(request.POST or None, instance=entity)
- # avoiding smart people trying to se talks of other speakers.
- speaker = request.user.palestrante_set.get()
- if speaker.id != entity.palestrante.id:
- return forbidden
-
# These fields should not be shown to the user.
form.fields['palestrante'].widget = HiddenInput()
form.fields['evento'].widget = HiddenInput()
form.fields['outros_palestrantes'].initial = ''
form.fields['outros_palestrantes'].widget = HiddenInput()
+ # avoiding smart people trying to se talks of other speakers.
+ speaker = request.user.palestrante_set.get()
+ if speaker.id != entity.palestrante.id \
+ and speaker not in entity.outros_palestrantes.all():
+ return forbidden
+
if request.POST and form.is_valid():
form.save()