url(r'^book/(?P<slug>[^/]+)/publish$', 'publish', name="catalogue_publish"),
url(r'^book/(?P<slug>[^/]+)/$', 'book', name="catalogue_book"),
- url(r'^book/(?P<slug>[^/]+)/gallery/$', GalleryView.as_view(), name="catalogue_book_gallery"),
+ url(r'^book/(?P<slug>[^/]+)/gallery/$',
+ permission_required('catalogue.change_book')(GalleryView.as_view()),
+ name="catalogue_book_gallery"),
url(r'^book/(?P<slug>[^/]+)/xml$', 'book_xml', name="catalogue_book_xml"),
url(r'^book/(?P<slug>[^/]+)/txt$', 'book_txt', name="catalogue_book_txt"),
url(r'^book/(?P<slug>[^/]+)/html$', 'book_html', name="catalogue_book_html"),
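Review bot: The permission check for the gallery route exists only in the urlconf (the added `permission_required('catalogue.change_book')(GalleryView.as_view())` line), while the same change deletes the in-view check from `GalleryView.get_object`, so this upload view is unguarded if it is ever wired to another pattern or reused through a subclass. Consider enforcing it on the class as well, for example by decorating `dispatch` with `@method_decorator(permission_required('catalogue.change_book'))`. By default `permission_required` redirects a logged-in user who lacks the permission to the login page rather than answering 403; if the Django version in use supports it, `permission_required('catalogue.change_book', raise_exception=True)` keeps the forbidden response the removed code intended. The new rule also closes galleries of public books to users without `change_book`, which the removed condition allowed; that is presumably deliberate, but it is worth stating in the commit message.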
class GalleryView(UploadView):
def get_object(self, request, slug):
book = get_object_or_404(Book, slug=slug)
- if not book.public and not request.user.has_perm('catalogue.change_book'):
- return HttpResponseForbidden()
if not book.gallery:
raise Http404
return book