diff --git a/api/views/sas.py b/api/views/sas.py index 277ed390..063b9eab 100644 --- a/api/views/sas.py +++ b/api/views/sas.py @@ -6,7 +6,7 @@ from rest_framework.renderers import JSONRenderer from rest_framework.request import Request from rest_framework.response import Response -from core.views import can_edit_prop +from core.views import can_edit from core.models import User from sas.models import Picture @@ -24,7 +24,7 @@ def all_pictures_of_user(user: User) -> List[Picture]: @renderer_classes((JSONRenderer,)) def all_pictures_of_user_endpoint(request: Request, user: int): requested_user: User = get_object_or_404(User, pk=user) - if not can_edit_prop(requested_user, request.user): + if not can_edit(requested_user, request.user): raise PermissionDenied return Response( diff --git a/core/templates/core/user_pictures.jinja b/core/templates/core/user_pictures.jinja index b467c3bb..2d4e26a0 100644 --- a/core/templates/core/user_pictures.jinja +++ b/core/templates/core/user_pictures.jinja @@ -5,8 +5,10 @@ {% endblock %} {% block content %} + {% if can_edit(profile, user) %} + + {% endif %} {% for a in albums %} -