From 25e281ce329eb88c6aaf9e2c585cc134ab40c40e Mon Sep 17 00:00:00 2001 From: Emmy D'Anello Date: Wed, 23 Apr 2025 21:02:49 +0200 Subject: [PATCH] Prevent some errors --- participation/views.py | 4 ++-- registration/views.py | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/participation/views.py b/participation/views.py index 6387def..227f034 100644 --- a/participation/views.py +++ b/participation/views.py @@ -557,8 +557,8 @@ class ParticipationDetailView(LoginRequiredMixin, DetailView): if not self.get_object().valid: raise PermissionDenied(_("The team is not validated yet.")) if user.registration.is_admin or user.registration.participates \ - and user.registration.team.participation \ - and user.registration.team.participation.pk == kwargs["pk"] \ + and user.registration.team \ + and user.registration.team.participation_id == kwargs["pk"] \ or user.registration.is_volunteer \ and (self.get_object().tournament in user.registration.interesting_tournaments or self.get_object().final diff --git a/registration/views.py b/registration/views.py index cce26fe..29c7729 100644 --- a/registration/views.py +++ b/registration/views.py @@ -726,10 +726,11 @@ class PhotoAuthorizationView(LoginRequiredMixin, View): def get(self, request, *args, **kwargs): filename = kwargs["filename"] path = f"media/authorization/photo/{filename}" - if not os.path.exists(path): + student_qs = ParticipantRegistration.objects.first(Q(photo_authorization__endswith=filename) + | Q(photo_authorization_final__endswith=filename)) + if not os.path.exists(path) or not student_qs.exists(): raise Http404 - student = ParticipantRegistration.objects.get(Q(photo_authorization__endswith=filename) - | Q(photo_authorization_final__endswith=filename)) + student = student_qs.get() user = request.user if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team and student.team.participation.tournament in user.registration.organized_tournaments.all()):