From 0347852253ae127eb3b65d8aa6970fb17022bef1 Mon Sep 17 00:00:00 2001 From: Ivlev Denis Date: Wed, 14 Feb 2018 13:38:29 +0300 Subject: [PATCH] LIL-237. Check auth in course detail view --- apps/course/views.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/apps/course/views.py b/apps/course/views.py index 6efa9f88..48e22845 100644 --- a/apps/course/views.py +++ b/apps/course/views.py @@ -5,6 +5,7 @@ from django.http import JsonResponse, Http404 from django.shortcuts import get_object_or_404 from django.template import loader, Context, Template from django.views.generic import View, CreateView, DetailView, ListView, TemplateView +from django.utils.decorators import method_decorator from django.views.decorators.csrf import csrf_exempt from django.views.decorators.http import require_http_methods from .models import Course, Like, Lesson, CourseComment, LessonComment @@ -157,18 +158,19 @@ class CourseEditView(TemplateView): return context +@method_decorator(login_required, name='dispatch') class CourseView(DetailView): model = Course context_object_name = 'course' template_name = 'course/course.html' def get(self, request, *args, **kwargs): - request = super().get(request, *args, **kwargs) + response = super().get(request, *args, **kwargs) if (self.object != Course.PUBLISHED and (request.user.role not in [User.AUTHOR_ROLE, User.ADMIN_ROLE] or - object.author != request.user)): + self.object.author != request.user)): raise Http404 - return request + return response def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs)