You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 17, 2023. It is now read-only.
scotwk edited this page May 10, 2015
·
3 revisions
We changed the index page so that it only lists a user's own notes. But the details page has no protection to stop people from viewing other people's notes. Try viewing a different user's note.
We will modify the detail to return a 403 code if a user tries to view someone else's note.
from django.core.exceptions import PermissionDenied
...
# In NoteDetail class, override the get() method to raise an
# error if the user tries to view another user's note.
def get(self, request, *args, **kwargs):
self.object = self.get_object()
if self.object.owner != self.request.user:
raise PermissionDenied
context = self.get_context_data(object=self.object)
return self.render_to_response(context)