Commit 63506b15 authored by Sli's avatar Sli

Protect stats from other users

parent dfd465c7
Pipeline #830 canceled with stage
......@@ -262,6 +262,14 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
template_name = "core/user_stats.jinja"
current_tab = 'stats'
def dispatch(self, request, *arg, **kwargs):
profile = self.get_object()
if (profile != request.user and not request.user.is_root):
raise PermissionDenied
return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
def get_context_data(self, **kwargs):
kwargs = super(UserStatsView, self).get_context_data(**kwargs)
from counter.models import Counter, Product, Selling
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment