From d8990e1ab64fe3bf453d06fab8e983d25f2df2c4 Mon Sep 17 00:00:00 2001 From: Jan Szejko Date: Tue, 23 May 2017 15:50:11 +0200 Subject: [PATCH 1/1] allow download xml for non-public books (tmp?) --- apps/catalogue/views.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index e71b3495..c6ae4197 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -205,9 +205,7 @@ def upload(request): def serve_xml(request, book, slug): - if not book.accessible(request): - return HttpResponseForbidden("Not authorized.") - xml = book.materialize() + xml = book.materialize(publishable=True) response = http.HttpResponse(xml, content_type='application/xml') response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug return response @@ -216,11 +214,14 @@ def serve_xml(request, book, slug): @never_cache def book_xml(request, slug): book = get_object_or_404(Book, slug=slug) + if not book.accessible(request): + return HttpResponseForbidden("Not authorized.") return serve_xml(request, book, slug) @never_cache def book_xml_dc(request, slug): + # no permission check, because non-public books book = get_object_or_404(Book, dc_slug=slug) return serve_xml(request, book, slug) -- 2.20.1