X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/baab092545bc665c1259488925af9213591ee310..91dd7bde79124d1258984b264f8f80188c2383c6:/apps/wiki/views.py diff --git a/apps/wiki/views.py b/apps/wiki/views.py index 34f02407..f8ba46ec 100644 --- a/apps/wiki/views.py +++ b/apps/wiki/views.py @@ -220,7 +220,9 @@ def gallery(request, directory): images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)] images.sort() - if not request.user.is_authenticated(): + books = Book.objects.filter(gallery=directory) + + if not all(book.public for book in books) and not request.user.is_authenticated(): return HttpResponseForbidden("Not authorized.") return JSONResponse(images)