X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/baab092545bc665c1259488925af9213591ee310..96aa512d18d6b5fc2857e2bc087436dcfd8ffd06:/apps/wiki/views.py?ds=sidebyside diff --git a/apps/wiki/views.py b/apps/wiki/views.py index 34f02407..f8ba46ec 100644 --- a/apps/wiki/views.py +++ b/apps/wiki/views.py @@ -220,7 +220,9 @@ def gallery(request, directory): images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)] images.sort() - if not request.user.is_authenticated(): + books = Book.objects.filter(gallery=directory) + + if not all(book.public for book in books) and not request.user.is_authenticated(): return HttpResponseForbidden("Not authorized.") return JSONResponse(images)