discoman/python-tdd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ensured my_list is viewable by auth user only
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Disco DeDisco
2026-02-17 20:26:42 -05:00
parent 877e3f35cf
commit d74189f0b7
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/apps/dashboard/views.py
View File

@@ -1,3 +1,4 @@
from django.http import HttpResponseForbidden
from django.shortcuts import redirect, render
from .forms import ExistingListItemForm, ItemForm
from .models import Item, List
@@ -31,4 +32,8 @@ def view_list(request, list_id):
def my_lists(request, user_id):
owner = User.objects.get(id=user_id)
if not request.user.is_authenticated:
return redirect("/")
if request.user.id != owner.id:
return HttpResponseForbidden()
return render(request, "apps/dashboard/my_lists.html", {"owner": owner})