From 67ba56c7e72dcdc24fec08b77dfd7f62ed39aac0 Mon Sep 17 00:00:00 2001 From: Jan Szejko Date: Mon, 28 Nov 2016 17:40:11 +0100 Subject: [PATCH 1/1] undo wrong changes --- apps/catalogue/urls.py | 4 +++- apps/catalogue/views.py | 2 -- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/catalogue/urls.py b/apps/catalogue/urls.py index 83ee0e26..7989d2ad 100644 --- a/apps/catalogue/urls.py +++ b/apps/catalogue/urls.py @@ -33,7 +33,9 @@ urlpatterns = patterns('catalogue.views', url(r'^book/(?P[^/]+)/publish$', 'publish', name="catalogue_publish"), url(r'^book/(?P[^/]+)/$', 'book', name="catalogue_book"), - url(r'^book/(?P[^/]+)/gallery/$', GalleryView.as_view(), name="catalogue_book_gallery"), + url(r'^book/(?P[^/]+)/gallery/$', + permission_required('catalogue.change_book')(GalleryView.as_view()), + name="catalogue_book_gallery"), url(r'^book/(?P[^/]+)/xml$', 'book_xml', name="catalogue_book_xml"), url(r'^book/(?P[^/]+)/txt$', 'book_txt', name="catalogue_book_txt"), url(r'^book/(?P[^/]+)/html$', 'book_html', name="catalogue_book_html"), diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index 22aeffe8..b30297cd 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -587,8 +587,6 @@ def publish_image(request, slug): class GalleryView(UploadView): def get_object(self, request, slug): book = get_object_or_404(Book, slug=slug) - if not book.public and not request.user.has_perm('catalogue.change_book'): - return HttpResponseForbidden() if not book.gallery: raise Http404 return book -- 2.20.1