lingo: protect "basket link cell" against anonymous ajax calls (#9045)

2015-11-19 15:59:07 +01:00 · 2015-11-19 15:59:07 +01:00 · 1a08a07c7b
parent d551a21475
commit 1a08a07c7b
1 changed files with 2 additions and 0 deletions
--- a/combo/apps/lingo/models.py
+++ b/combo/apps/lingo/models.py
@ -295,6 +295,8 @@ class LingoBasketLinkCell(CellBase):
        return len(items) > 0

    def render(self, context):
+        if not (getattr(context['request'], 'user', None) and context['request'].user.is_authenticated()):
+            return ''
        basket_template = template.loader.get_template('lingo/combo/basket_link.html')
        context['items'] = BasketItem.objects.filter(
                user=context['request'].user, payment_date__isnull=True