From f7d75c235c43401e07ebbf70300bfc599263b805 Mon Sep 17 00:00:00 2001
From: Andrey <andrey.goo@gmail.com>
Date: Wed, 15 Mar 2017 17:17:51 +0300
Subject: [PATCH] docs: more strict control in ajax get_pair

---
 project/docs/views/ajax.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/project/docs/views/ajax.py b/project/docs/views/ajax.py
index bd4a767..8fea4b6 100644
--- a/project/docs/views/ajax.py
+++ b/project/docs/views/ajax.py
@@ -15,6 +15,11 @@ def get_pair(request, model, param1, val1, param2):
     if not request.is_ajax():
         return HttpResponseBadRequest()
 
+    if model not in ('Country', 'Measure',):
+        return HttpResponseBadRequest()
+
+    raise_if_no_profile(request)
+
     kwargs = {param1: val1}
 
     try: