From 1e3714390e693a125a24e139a0ea6e92a13d5541 Mon Sep 17 00:00:00 2001 From: Fuzzwah Date: Sat, 27 Jul 2024 15:41:31 +1000 Subject: [PATCH] 403 when viewing other user's profile --- .../{{cookiecutter.project_slug}}/users/views.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/views.py b/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/views.py index 3f20f2686..71e9431b2 100644 --- a/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/views.py +++ b/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/views.py @@ -5,6 +5,7 @@ from django.utils.translation import gettext_lazy as _ from django.views.generic import DetailView from django.views.generic import RedirectView from django.views.generic import UpdateView +from django.core.exceptions import PermissionDenied from {{ cookiecutter.project_slug }}.users.models import User @@ -19,6 +20,11 @@ class UserDetailView(LoginRequiredMixin, DetailView): slug_url_kwarg = "username" {%- endif %} + def get_object(self, queryset=None): + obj = super().get_object(queryset) + if obj.id != self.request.user.id: + raise PermissionDenied + return obj user_detail_view = UserDetailView.as_view()