Only allow exporting if you're a board member

svsticky · Dec 12, 2023 · 9b3f11d · 9b3f11d
1 parent fcea458
commit 9b3f11d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/admin_board_view/views.py b/admin_board_view/views.py
@@ -203,6 +203,10 @@ def export_sale_transactions(request):
     Returns:
         HttpResponse: The csv file containing the sale transactions in the given date range.
     """
+    # Only allow export for authanticated users
+    if not request.user.is_superuser:
+        return HttpResponse("You are not authenticated.", status=401)
+
     try:
         req_get = request.GET
         export_type = req_get.get('type')