X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/74378d009ec094bd52789bcb5f1a7be89c3509de..249d530e9478f9187092efbcc9d8a5b51ad033bb:/apps/catalogue/views.py
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index b30297cd..22aeffe8 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -587,6 +587,8 @@ def publish_image(request, slug):
 class GalleryView(UploadView):
 def get_object(self, request, slug):
 book = get_object_or_404(Book, slug=slug)
+ if not book.public and not request.user.has_perm('catalogue.change_book'):
+ return HttpResponseForbidden()
 if not book.gallery:
 raise Http404
 return book
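Review bot: In `GalleryView.get_object`, the added permission check returns `HttpResponseForbidden()`, while the same method signals its other failure by raising (`raise Http404` two lines below). `UploadView` is not visible in this hunk, but unless it inspects the return type, the response object is probably passed on as if it were the book, so the 403 never reaches the client and the access check may not actually stop the request. Raising is the safer form: `raise PermissionDenied` (from `django.core.exceptions`), which Django converts into a 403 response. Separately, answering 403 for an existing non-public slug and 404 for a missing one lets a caller without `catalogue.change_book` learn which slugs exist; if that matters here, use `raise Http404` for this branch instead.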