X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/3fceb197b7f492cf5cfcb4034b6e045638f128d4..beb5154606f790915bc56b9cb8af824537cc7d7a:/src/catalogue/views.py

diff --git a/src/catalogue/views.py b/src/catalogue/views.py
index 2ea5eb019..632eff868 100644
--- a/src/catalogue/views.py
+++ b/src/catalogue/views.py
@@ -15,6 +15,7 @@ from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.http import urlquote_plus
 from django.utils import translation
 from django.utils.translation import ugettext as _, ugettext_lazy
+from django.views.decorators.cache import never_cache
 
 from ajaxable.utils import AjaxableFormView
 from club.models import Membership
@@ -354,15 +355,16 @@ def tag_info(request, tag_id):
     return HttpResponse(tag.description)
 
 
-def embargo_link(request, format_, slug):
+@never_cache
+def embargo_link(request, key, format_, slug):
     book = get_object_or_404(Book, slug=slug)
     if format_ not in Book.formats:
         raise Http404
+    if key != book.preview_key:
+        raise Http404
     media_file = book.get_media(format_)
     if not book.preview:
         return HttpResponseRedirect(media_file.url)
-    if not Membership.is_active_for(request.user):
-        return HttpResponseRedirect(book.get_absolute_url())
     return HttpResponse(media_file, content_type=constants.EBOOK_CONTENT_TYPES[format_])