From f5f0ea3c35a3c4d142117b9990860d6630785999 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Fri, 20 Sep 2024 14:30:31 +0200 Subject: [PATCH] fix delete token. only user tokens allowed --- api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/views.py b/api/views.py index 2aeb4de..fbccb79 100644 --- a/api/views.py +++ b/api/views.py @@ -99,7 +99,7 @@ class TokenDeleteView(DashboardView, DeleteView): def get(self, request, *args, **kwargs): self.pk = kwargs['pk'] - self.object = get_object_or_404(self.model, pk=self.pk) + self.object = get_object_or_404(self.model, pk=self.pk, owner=self.request.user) self.object.delete() return redirect('api:tokens')