From 2f06737731772f9d2b52152295cd906c8388ab5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Thu, 19 Nov 2015 15:59:07 +0100
Subject: [PATCH] misc: protect "basket link cell" against anonymous ajax calls (#9045)
---
 lingo/models.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lingo/models.py b/lingo/models.py
index 716e55d..56a8dba 100644
--- a/lingo/models.py
+++ b/lingo/models.py
@@ -295,6 +295,8 @@ class LingoBasketLinkCell(CellBase):
 return len(items) > 0
 def render(self, context):
+ if not (getattr(context['request'], 'user', None) and context['request'].user.is_authenticated()):
+ return ''
 basket_template = template.loader.get_template('lingo/combo/basket_link.html')
 context['items'] = BasketItem.objects.filter(
 user=context['request'].user, payment_date__isnull=True
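Review bot: The new guard in `render()` indexes `context['request']` directly, so the `getattr(..., 'user', None)` default only covers a request object without a `user` attribute; a context with no `request` key would still raise `KeyError` instead of returning `''`. If that case can occur on the ajax path, bind the request once with `request = context.get('request')` and test `if not (request and getattr(request, 'user', None) and request.user.is_authenticated()): return ''`. The check also deserves a short comment such as `# ajax rendering can reach this cell for anonymous visitors; a basket needs a logged-in user`, and the diffstat shows only `lingo/models.py` changed, so a regression test that renders the cell for an anonymous request would keep the fix from regressing. The body of `render()` continues past the end of the hunk.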