Minor fixes.

[wolnelektury.git] / src / catalogue / views.py

diff --git a/src/catalogue/views.py b/src/catalogue/views.py
index 2ea5eb0..632eff8 100644 (file)
--- a/src/catalogue/views.py
+++ b/src/catalogue/views.py
@@ -15,6 +15,7 @@ from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.http import urlquote_plus
 from django.utils import translation
 from django.utils.translation import ugettext as _, ugettext_lazy
 from django.utils.http import urlquote_plus
 from django.utils import translation
 from django.utils.translation import ugettext as _, ugettext_lazy

+from django.views.decorators.cache import never_cache

 
 from ajaxable.utils import AjaxableFormView
 from club.models import Membership
 
 from ajaxable.utils import AjaxableFormView
 from club.models import Membership


@@ -354,15 +355,16 @@ def tag_info(request, tag_id):
     return HttpResponse(tag.description)
 
 
     return HttpResponse(tag.description)
 
 

-def embargo_link(request, format_, slug):
+@never_cache
+def embargo_link(request, key, format_, slug):

     book = get_object_or_404(Book, slug=slug)
     if format_ not in Book.formats:
         raise Http404
     book = get_object_or_404(Book, slug=slug)
     if format_ not in Book.formats:
         raise Http404

+    if key != book.preview_key:
+        raise Http404

     media_file = book.get_media(format_)
     if not book.preview:
         return HttpResponseRedirect(media_file.url)
     media_file = book.get_media(format_)
     if not book.preview:
         return HttpResponseRedirect(media_file.url)

-    if not Membership.is_active_for(request.user):
-        return HttpResponseRedirect(book.get_absolute_url())

     return HttpResponse(media_file, content_type=constants.EBOOK_CONTENT_TYPES[format_])
 
 
     return HttpResponse(media_file, content_type=constants.EBOOK_CONTENT_TYPES[format_])