One small optimization for a man...
[wolnelektury.git] / apps / social / views.py
index 27769d7..8af17da 100644 (file)
@@ -61,7 +61,10 @@ class ObjectSetsFormView(AjaxableFormView):
         return (obj, request.user), {}
 
 
+@require_POST
 def unlike_book(request, slug):
+    if not request.user.is_authenticated():
+        return HttpResponseForbidden('Login required.')
     book = get_object_or_404(Book, slug=slug)
     if likes(request.user, book):
         set_sets(request.user, book, [])