From 63506b15066e2abe0069e3a362a0530a3e16de1f Mon Sep 17 00:00:00 2001
From: klmp200
Date: Tue, 28 Mar 2017 01:03:31 +0200
Subject: [PATCH] Protect stats from other users
---
 core/views/user.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/core/views/user.py b/core/views/user.py
index 32988906..63bccc4e 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -262,6 +262,14 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
 template_name = "core/user_stats.jinja"
 current_tab = 'stats'
+ def dispatch(self, request, *arg, **kwargs):
+ profile = self.get_object()
+
+ if (profile != request.user and not request.user.is_root):
+ raise PermissionDenied
+
+ return super(UserStatsView, self).dispatch(request, *arg, **kwargs)
+
 def get_context_data(self, **kwargs):
 kwargs = super(UserStatsView, self).get_context_data(**kwargs)
 from counter.models import Counter, Product, Selling
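Review bot: The new `dispatch` reads `request.user.is_root` before `super().dispatch()` runs, so the mixins' own checks have not yet filtered the request. For an unauthenticated visitor `profile != request.user` is always true, and Django's stock `AnonymousUser` has no `is_root`; unless the project installs its own anonymous user class (not visible here), that path would end in an AttributeError and a 500 rather than a clean 403. A defensive form is `if profile != request.user and not getattr(request.user, 'is_root', False):`. The diffstat shows only the view changed, so a regression test would help pin the rule: another logged-in user gets 403, while the owner and a root user get 200. `self.get_object()` is also likely to run a second time in `DetailView.get`, and the class body starts and continues outside this hunk.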