get_catalog() limit to own or public catalogs

2019-05-03 18:10:08 -07:00
parent 82a8d8f953
commit 7431f23b67
1 changed files with 2 additions and 1 deletions
--- a/catalogedit/views.py
+++ b/catalogedit/views.py
@ -1,4 +1,5 @@
 from django.contrib import messages
+from django.db.models import Q
 from django.http import HttpResponseRedirect, HttpResponse, JsonResponse
 from django.shortcuts import render, get_object_or_404
 from django.urls import reverse
@ -31,7 +32,7 @@ def catalogedit(request, id=0):

@login_required
 def get_catalog(request, id):
-    cat = get_object_or_404(Catalog, id=id)
+    cat = get_object_or_404(Catalog, Q(id=id) & (Q(owner=request.user) | Q(public=True)))
    return JsonResponse(cat.data, safe=False)