images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
images.sort()
- if not request.user.is_authenticated():
+ books = Book.objects.filter(gallery=directory)
+
+ if not all(book.public for book in books) and not request.user.is_authenticated():
return HttpResponseForbidden("Not authorized.")
return JSONResponse(images)