Diffstat (limited to 'activities/views')
| -rw-r--r-- | activities/views/posts.py | 5 | 
1 files changed, 4 insertions, 1 deletions
|
diff --git a/activities/views/posts.py b/activities/views/posts.py
index e1609cc..59b1f56 100644
--- a/activities/views/posts.py
+++ b/activities/views/posts.py
@@ -1,5 +1,5 @@
 from django import forms
-from django.http import JsonResponse
+from django.http import Http404, JsonResponse
 from django.shortcuts import get_object_or_404, redirect, render
 from django.utils.decorators import method_decorator
 from django.views.generic import FormView, TemplateView, View
@@ -145,6 +145,9 @@ class Delete(TemplateView):
     def dispatch(self, request, handle, post_id):
         self.identity = by_handle_or_404(self.request, handle, local=False)
         self.post_obj = get_object_or_404(self.identity.posts, pk=post_id)
+        # Make sure the request identity owns the post!
+        if self.post_obj.author != request.identity:
+            raise Http404("Post author is not requestor")
         return super().dispatch(request)
     def get_context_data(self):
|
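Review bot: The comment on the new ownership guard in `Delete.dispatch` does not say why a mismatch gets a 404 instead of a 403, nor what happens when the request carries no identity. If the intent is to avoid confirming that the post exists, say so, e.g. `# 404 rather than 403 so a non-owner cannot confirm the post exists`. Whether `dispatch` is behind an identity-required decorator is not visible in this hunk. If `request.identity` is `None` the comparison presumably still fails closed with the same 404, which is worth stating next to the check. The diffstat shown is limited to `activities/views`, so no test is visible. A regression test in which a second local identity requests the delete URL for someone else's post via both GET and POST, and receives 404, would pin the fix. The `Delete` class body continues outside the hunk.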
