From f22f2cbde6ab143e47ed42b6714b4a5d75f9579d Mon Sep 17 00:00:00 2001
From: klmp200 <klmp200@klmp200.net>
Date: Mon, 26 Sep 2016 23:56:24 +0200
Subject: [PATCH] Only club members can view counter's stats

---
 counter/views.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/counter/views.py b/counter/views.py
index 650f0715..c77c4fd3 100644
--- a/counter/views.py
+++ b/counter/views.py
@@ -4,6 +4,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView, Proces
 from django.forms.models import modelform_factory
 from django.forms import CheckboxSelectMultiple
 from django.core.urlresolvers import reverse_lazy
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect
 from django.utils import timezone
 from django import forms
@@ -723,6 +724,16 @@ class CounterStatView(DetailView):
                 ).exclude(selling_sum=None).order_by('-selling_sum').all()[:100]
         return kwargs
 
+    def dispatch(self, request, *args, **kwargs):
+        res = super(CounterStatView, self).dispatch(request, *args, **kwargs)
+        # help(self.object)
+        if (request.user.is_root
+            or request.user.is_board_member
+            or self.object.is_owned_by(request.user)
+            ):
+            return res
+        raise PermissionDenied
+
 
 class CashSummaryListView(CanEditPropMixin, CounterTabsMixin, ListView):
     """Display a list of cash summaries"""