Fix #65 Add Django tags for security to update & delete_recipe templates

chris-townsend · Jan 26, 2023 · f4c2eb8 · f4c2eb8
1 parent e33e522
commit f4c2eb8
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/templates/delete_recipe.html b/templates/delete_recipe.html
@@ -4,7 +4,9 @@
 {% load cloudinary %}
 {% load crispy_forms_tags %}
 
-<!-- This page allows a user to delete their own recipe -->
+{% if user.is_authenticated and user.id == recipe.author.id %}
+
+<!-- This page allows a user to delete their recipe if they are the recipe author -->
 <div class="container">
     <h1 class="page-title">Delete Recipe</h1>
     <hr>
@@ -28,4 +30,10 @@ <h5 class="text-center"><strong>Are you sure you want to delete your {{ recipe.t
     </div>
 </div>
 
+{% elif user.is_authenticated %}
+
+{% include "403.html" %}
+
+{% endif %}
+
 {% endblock %}
diff --git a/templates/update_recipe.html b/templates/update_recipe.html
@@ -4,8 +4,9 @@
 {% load cloudinary %}
 {% load crispy_forms_tags %}
 
+{% if user.is_authenticated and user.id == recipe.author.id %}
 
-<!-- This page allows a user to update their own recipe -->
+<!-- This page allows a user to update their recipe if they are the recipe author -->
 <div class="container">
     <h1 class="page-title">Update Recipe</h1>
     <hr>
@@ -25,5 +26,10 @@ <h1 class="page-title">Update Recipe</h1>
     </div>
 </div>
 
+{% elif user.is_authenticated %}
 
-{% endblock content %}
+{% include "403.html" %}
+
+{% endif %}
+
+{% endblock %}