From 249d530e9478f9187092efbcc9d8a5b51ad033bb Mon Sep 17 00:00:00 2001
From: Jan Szejko
Date: Mon, 28 Nov 2016 16:33:01 +0100
Subject: [PATCH] view gallery without logging in
---
 apps/catalogue/urls.py | 4 +---
 apps/catalogue/views.py | 2 ++
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/apps/catalogue/urls.py b/apps/catalogue/urls.py
index 7989d2ad..83ee0e26 100644
--- a/apps/catalogue/urls.py
+++ b/apps/catalogue/urls.py
@@ -33,9 +33,7 @@ urlpatterns = patterns('catalogue.views',
 url(r'^book/(?P[^/]+)/publish$', 'publish', name="catalogue_publish"),
 url(r'^book/(?P[^/]+)/$', 'book', name="catalogue_book"),
- url(r'^book/(?P[^/]+)/gallery/$',
- permission_required('catalogue.change_book')(GalleryView.as_view()),
- name="catalogue_book_gallery"),
+ url(r'^book/(?P[^/]+)/gallery/$', GalleryView.as_view(), name="catalogue_book_gallery"),
 url(r'^book/(?P[^/]+)/xml$', 'book_xml', name="catalogue_book_xml"),
 url(r'^book/(?P[^/]+)/txt$', 'book_txt', name="catalogue_book_txt"),
 url(r'^book/(?P[^/]+)/html$', 'book_html', name="catalogue_book_html"),
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index b30297cd..22aeffe8 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -587,6 +587,8 @@ def publish_image(request, slug):
 class GalleryView(UploadView):
 def get_object(self, request, slug):
 book = get_object_or_404(Book, slug=slug)
+ if not book.public and not request.user.has_perm('catalogue.change_book'):
+ return HttpResponseForbidden()
 if not book.gallery:
 raise Http404
 return book
--
2.20.1
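Review bot: The gallery route in `urls.py` is now ungated for every HTTP method, not only for viewing, because the removed `permission_required('catalogue.change_book')` wrapper was the only check on this URL. `GalleryView` derives from `UploadView`, whose body is not part of this patch; if it handles POST uploads, an anonymous visitor can reach that handler for any book with `public` set, since the new check in `get_object` only covers non-public books. Keep the write path behind the permission, for example in a `dispatch` override on `GalleryView`: `if request.method not in ('GET', 'HEAD', 'OPTIONS') and not request.user.has_perm('catalogue.change_book'): raise PermissionDenied`. A test that POSTs anonymously to a public book's gallery and expects a 403 would pin this.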
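Review bot: `get_object` in `views.py` returns an `HttpResponseForbidden` instance on the new branch, while every other path returns a `Book` or raises. Unless `UploadView` (not shown in this hunk) checks the return type, the caller will treat the response object as the book, so the denial may surface as a 500 or be skipped entirely. Raising makes the check independent of the caller: `raise PermissionDenied` (from `django.core.exceptions`), which Django converts to a 403. The check also runs after `get_object_or_404`, so a 403 versus a 404 tells an anonymous visitor which non-public slugs exist; use `raise Http404` on that branch if that matters.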