Merge remote-tracking branch 'origin/production' into production

author Jan Szejko <janek37@gmail.com>

Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)

committer Jan Szejko <janek37@gmail.com>

Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)
author Jan Szejko <janek37@gmail.com>
Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)
committer Jan Szejko <janek37@gmail.com>
Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)
diff --git a/apps/wiki/views.py b/apps/wiki/views.py

index 34f0240..fcbdf8b 100644 (file)
--- a/apps/wiki/views.py
+++ b/apps/wiki/views.py
@@ -220,7 +220,9 @@ def gallery(request, directory):
          images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
          images.sort()
  
-        if not request.user.is_authenticated():
+        book = Book.objects.get(gallery=directory)
+
+        if not book.public and not request.user.is_authenticated():
              return HttpResponseForbidden("Not authorized.")
  
          return JSONResponse(images)
diff --git a/lib/librarian b/lib/librarian

index 7f5ff5c..a7228ee 160000 (submodule)
--- a/lib/librarian
+++ b/lib/librarian
@@ -1 +1 @@
-Subproject commit 7f5ff5c99803e281dc90364cd6efb77b8d91fa26
+Subproject commit a7228ee631d0902dd1d280ce4963954942621e60
author	Jan Szejko <janek37@gmail.com>
	Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)
committer	Jan Szejko <janek37@gmail.com>
	Mon, 28 Nov 2016 16:37:49 +0000 (17:37 +0100)
apps/wiki/views.py		patch \| blob \| history
lib/librarian		patch \| blob \| history