lingo: protect "basket link cell" against anonymous ajax calls (#9045)
This commit is contained in:
parent
d551a21475
commit
1a08a07c7b
|
@ -295,6 +295,8 @@ class LingoBasketLinkCell(CellBase):
|
|||
return len(items) > 0
|
||||
|
||||
def render(self, context):
|
||||
if not (getattr(context['request'], 'user', None) and context['request'].user.is_authenticated()):
|
||||
return ''
|
||||
basket_template = template.loader.get_template('lingo/combo/basket_link.html')
|
||||
context['items'] = BasketItem.objects.filter(
|
||||
user=context['request'].user, payment_date__isnull=True
|
||||
|
|
Loading…
Reference in New Issue