Returns a 403 permission forbidden when deleting links that aren't yours.

go/go/views.py

@@ -4,7 +4,7 @@ from datetime import timedelta
 from django.http import Http404
 from django.utils import timezone
 from django.contrib.auth.models import User
-from django.core.exceptions import ValidationError
+from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import render, get_object_or_404, redirect
 
@@ -59,24 +59,23 @@ def success(request):
 
 # My-Links page.
 @login_required
-def my_links(request, permission = True):
+def my_links(request):
     links = URL.objects.filter( owner = request.user )
 
     return render(request, 'my_links.html', {
         'links' : links,
-        'permission' : permission,
     },
     )
 
 # Delete link page.
 @login_required
 def delete(request, short):
-    url = URL.objects.get( short = short )
+    url = get_object_or_404(URL, short = short )
     if url.owner == request.user:
         url.delete()
         return redirect('my_links')
     else:
-        return my_links(request, permission = False)
+        raise PermissionDenied()
 
 # About page, static.
 def about(request):

go/settings/urls.py

@@ -18,7 +18,7 @@ urlpatterns = patterns('go.views',
     url(r'^signup/?$', 'signup', name = 'signup'),
 
     # /my - My-Links page, view and review links.
-    url(r'^my/?$', 'my_links', {'permission' : True}, name = 'my_links'),
+    url(r'^my/?$', 'my_links', name = 'my_links'),
 
     # /delete - Delete a link, no content display.
     url(r'^delete/(?P<short>\w+)$', 'delete', name = 'delete'),

go/templates/my_links.html

@@ -8,10 +8,6 @@ Go - A URL Shortener
 
 {% block content %}
 
-{% if not permission %}
-  <p class="error">That link does not belong to you!</p>
-{% endif %}
-
 {% if links %}
   <div id="mylinks">
   {% for link in links %}