--- a/src/egonomy/views.py Tue Feb 26 11:01:21 2013 +0100
+++ b/src/egonomy/views.py Tue Feb 26 17:52:44 2013 +0100
@@ -1,17 +1,19 @@
from django.conf import settings
from django.contrib.auth.decorators import login_required
+from django.contrib.auth.models import User
from django.core.paginator import Paginator, InvalidPage, EmptyPage
from django.core.urlresolvers import reverse
from django.db.models.aggregates import Max
+from django.http.response import HttpResponseForbidden
from django.shortcuts import get_object_or_404, render_to_response, redirect
from django.template import RequestContext
+from django.utils.translation import ugettext as _
from egonomy.models import ImageMetadata, Image, Fragment
from egonomy.search_indexes import QueryParser
from egonomy.search_indexes.paginator import SearchPaginator
from egonomy.search_indexes.query import ModelRelatedSearchQuerySet
from haystack.query import RelatedSearchQuerySet
import logging
-from django.contrib.auth.models import User
logger = logging.getLogger(__name__)
@@ -54,13 +56,19 @@
context_instance=RequestContext(request))
@login_required
-def create_fragment(request, image_id):
+def create_fragment(request, image_id, fragment_pk=None):
img = get_object_or_404(Image.objects.select_related('info', 'metadata'), id=image_id)
frg_list = Fragment.objects.filter(image=img).order_by('-date_saved').select_related('image', 'image__info', 'image__metadata','author')
+ frg_to_modify = None
+ if fragment_pk:
+ frg_to_modify = get_object_or_404(Fragment.objects.select_related('author'), pk=fragment_pk)
+ # We check if the current user is the fragment's author
+ if frg_to_modify.author != request.user:
+ return HttpResponseForbidden(_("You are not allowed to modify this fragment."))
return render_to_response("egonomy_create_fragment.html",
- {'img': img, 'fragment_list': frg_list},
+ {'img': img, 'frg_to_modify': frg_to_modify, 'fragment_list': frg_list},
context_instance=RequestContext(request))
@login_required
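Review bot: The fragment loaded from `fragment_pk` in `create_fragment` is checked against its author but not against the image named by `image_id`, so the template can receive an `img` and a `frg_to_modify` that do not belong together. Binding the lookup to the image closes this: `frg_to_modify = get_object_or_404(Fragment.objects.select_related('author'), pk=fragment_pk, image=img)`. The ownership test is repeated verbatim in the save view in the next hunk, so a small shared helper would keep the two authorization checks from drifting apart.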
@@ -71,16 +79,22 @@
frg_kw = request.POST["user_keywords"]
frg_path = request.POST["fragment_path"]
frg_image_id = request.POST["image_id"]
- img = get_object_or_404(Image, id=frg_image_id)
+ if "fragment_pk" in request.POST:
+ frg_pk = request.POST["fragment_pk"]
+ frg = get_object_or_404(Fragment.objects.select_related('author'), pk=frg_pk)
+ # We check if the current user is the fragment's author
+ if frg.author != request.user:
+ return HttpResponseForbidden(_("You are not allowed to modify this fragment."))
+ else :
+ img = get_object_or_404(Image, id=frg_image_id)
+ frg = Fragment()
+ frg.image = img
+ frg.author = request.user
- frg = Fragment()
- frg.image = img
frg.coordinates = frg_path
frg.title = frg_title
frg.description = frg_desc
frg.tags = frg_kw
- frg.author = request.user
-
frg.save()
return redirect("view_fragment", fragment_pk=frg.pk)
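Review bot: The edit branch is selected by `"fragment_pk" in request.POST`, so a form that submits the field with an empty value still reaches `get_object_or_404(..., pk=frg_pk)`. Assuming an integer primary key, that lookup is likely to raise an unhandled `ValueError` and answer with a 500 rather than create a fragment or return 404. Reading the value first and branching on it avoids this: `frg_pk = request.POST.get("fragment_pk")` followed by `if frg_pk:`. The edit branch also deserves a comment that the posted `image_id` is deliberately ignored there, for example `# editing never re-parents a fragment; image_id is only used on creation`. The view's signature and decorators lie outside the hunk, so whether the method is restricted to POST cannot be confirmed from here.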