fnp / redakcja.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
view gallery without logging in
[redakcja.git] / apps / catalogue / views.py
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index b30297c..22aeffe 100644 (file)
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -587,6 +587,8 @@ def publish_image(request, slug):
 class GalleryView(UploadView):
     def get_object(self, request, slug):
         book = get_object_or_404(Book, slug=slug)
+        if not book.public and not request.user.has_perm('catalogue.change_book'):
+            return HttpResponseForbidden()
         if not book.gallery:
             raise Http404
         return book