Make sure users can only edit their own case studies

apps/map/admin.py

@@ -22,7 +22,7 @@ class CaseStudyAdminForm(forms.ModelForm):
 
 
 class CaseStudyAdmin(LeafletGeoAdmin):
-    list_display = ('id', 'date_created', 'entry_name', 'approved')
+    list_display = ('id', 'date_created', 'entry_name', 'approved', 'author')
     actions = ['approve', 'unapprove']
     form = CaseStudyAdminForm
 

apps/map/views.py

@@ -1,7 +1,7 @@
 import json
 
 from django.conf import settings
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
 from django.core.mail import send_mail
 from django.db.models import Q
 from django.http import Http404, HttpResponse
@@ -150,9 +150,20 @@ class BaseEditForm(LoginRequiredMixin, FilesHandlerMixin, UpdateView):
     model = CaseStudy
 
 
-class EditCaseStudy(BaseEditForm):
+class EditCaseStudy(UserPassesTestMixin, BaseEditForm):
     form_class = ShortCaseStudyForm
 
+    def test_func(self):
+        object = self.get_object()
+        if object.author:
+            author = object.author.id
+        else:
+            author = -1
+
+        return self.request.user.is_authenticated and (
+            author is self.request.user.id
+        )
+
 
 class SpatialRefSysAutocomplete(autocomplete.Select2QuerySetView):
     def get_queryset(self):