cookiecutter/cookiecutter-django
1
1
Fork 0
mirror of https://github.com/cookiecutter/cookiecutter-django.git synced 2025-08-10 06:54:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

403 when viewing other user's profile

Browse Source
This commit is contained in:
Fuzzwah 2024-07-27 15:41:31 +10:00 committed by GitHub
parent 207a9e576c
commit 1e3714390e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/views.py
View File

@ -5,6 +5,7 @@ from django.utils.translation import gettext_lazy as _
from django.views.generic import DetailView from django.views.generic import DetailView
from django.views.generic import RedirectView from django.views.generic import RedirectView
from django.views.generic import UpdateView from django.views.generic import UpdateView
from django.core.exceptions import PermissionDenied
from {{ cookiecutter.project_slug }}.users.models import User from {{ cookiecutter.project_slug }}.users.models import User
@ -19,6 +20,11 @@ class UserDetailView(LoginRequiredMixin, DetailView):
slug_url_kwarg = "username" slug_url_kwarg = "username"
{%- endif %} {%- endif %}
def get_object(self, queryset=None):
obj = super().get_object(queryset)
if obj.id != self.request.user.id:
raise PermissionDenied
return obj
user_detail_view = UserDetailView.as_view() user_detail_view = UserDetailView.as_view()