X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/7583035c199c378c8d019937d155992709536b91..1cf4fe6c22fe42ace901bca722cb0c9a75cc0b39:/apps/social/views.py

diff --git a/apps/social/views.py b/apps/social/views.py
index 27769d740..8af17da4f 100644
--- a/apps/social/views.py
+++ b/apps/social/views.py
@@ -61,7 +61,10 @@ class ObjectSetsFormView(AjaxableFormView):
         return (obj, request.user), {}
 
 
+@require_POST
 def unlike_book(request, slug):
+    if not request.user.is_authenticated():
+        return HttpResponseForbidden('Login required.')
     book = get_object_or_404(Book, slug=slug)
     if likes(request.user, book):
         set_sets(request.user, book, [])