Limit version editing to creator and superusers

recipes/views.py

@@ -1,4 +1,4 @@
-from django.shortcuts import render, get_object_or_404
+from django.shortcuts import render, get_object_or_404, redirect
 from .models import Recipe, Version, Ingredient
 from .forms import RecipeForm, VersionForm, IngredientFormSet
 from django.contrib.auth.decorators import login_required
@@ -113,6 +113,9 @@ def edit_version(request, slug_recipe, slug_version):
 	recipe = get_object_or_404(Recipe, slug=slug_recipe)
 	version = get_object_or_404(Version, recipe=recipe, slug=slug_version)
 
+	if version.user != request.user and not request.user.is_superuser:
+		return redirect(f"/accounts/login/?next={request.path}")
+
 	if request.method == 'POST':
 		version_form = VersionForm(request.POST, prefix=VERSION_FORM_PREFIX, instance=version, author_placeholder=get_name_of_user(request.user))
 		ingredients_formset = IngredientFormSet(request.POST, queryset=version.ingredients.all(), prefix=INGREDIENTS_FORMSET_PREFIX) # type: ignore

templates/registration/login.html

@@ -11,7 +11,7 @@
 {% if next %}
 <section>
 	{% if user.is_authenticated %}
-	<p>You are not authorized to access this site. Please inform Benjamin to get the corresponding authorization or log in with an account with the necessary permissions.</p>
+	<p>You are not authorized to access this site. Please log in with an account with the necessary permissions.</p>
 	{% else %}
 	<p>Please log in to view this site.</p>
 	{% endif %}