Add permission check to AccountStatBalance
Only the logged-in user can get their own balance data
parent
87b9db520f
commit
1ee993e1e1
|
@ -2260,6 +2260,12 @@ class AccountStatBalance(PkUrlMixin, JSONDetailView):
|
||||||
# TODO: offset
|
# TODO: offset
|
||||||
return context
|
return context
|
||||||
|
|
||||||
|
def get_object(self, *args, **kwargs):
|
||||||
|
obj = super().get_object(*args, **kwargs)
|
||||||
|
if self.request.user != obj.user:
|
||||||
|
raise PermissionDenied
|
||||||
|
return obj
|
||||||
|
|
||||||
@method_decorator(login_required)
|
@method_decorator(login_required)
|
||||||
def dispatch(self, *args, **kwargs):
|
def dispatch(self, *args, **kwargs):
|
||||||
return super(AccountStatBalance, self).dispatch(*args, **kwargs)
|
return super(AccountStatBalance, self).dispatch(*args, **kwargs)
|
||||||
|
|
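Review bot: The new `get_object` raises `PermissionDenied` only after the parent lookup has succeeded, so a logged-in user probably sees a 403 for someone else's account and a 404 for one that does not exist, which reveals which account identifiers are valid. If that distinction is not wanted, answer both cases the same way, for example `raise Http404` in place of `raise PermissionDenied`, or restrict the lookup itself in `get_queryset` (assuming `JSONDetailView` follows Django's single-object lookup, which this hunk does not show). The guard is also local to `AccountStatBalance`, so any other view in the file that serves per-account data through the same mixins would need the same check, and a small shared mixin would keep them consistent. A one-line comment such as `# Only the account's owner may read its balance data.` and a test asserting that a different logged-in user is refused would pin the intended behaviour. The class body starts before the hunk, so the rest of the view could not be checked.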