reynir/bornhack-website
1
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

check that this order belongs to this user

Browse source
This commit is contained in:
Thomas Steen Rasmussen 2016-05-12 18:14:30 +02:00
parent bbee72c67f
commit 29c0696f3f
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
shop/views.py
View file

@ -35,6 +35,11 @@ class CheckoutView(LoginRequiredMixin, DetailView):
template_name = 'shop/order_detail.html'
context_object_name = 'order'
def get(self, request, *args, **kwargs):
if self.get_object().user != request.user:
raise Http404("Order not found")
return self.render_to_response(self.get_context_data())
class PaymentView(LoginRequiredMixin, FormView):
"""