make sure all tracks are found in the archive

author: Daniel Schadt <kingdread@gmx.de> 2022-07-17 20:56:03 +0200
committer: Daniel Schadt <kingdread@gmx.de> 2022-07-17 20:56:03 +0200
commit: d8ba9371656f9bd1492b9fbe13234f216ebbd240 (patch)
tree: 673a0664cf847357a64bcae1d2bf7d2d33ee6bdd
parent: 7e86285887866ed10bc9868a0f9aa3b5e5094aba (diff)
download: fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.tar.gz
fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.tar.bz2
fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/fietsboek/views/browse.py b/fietsboek/views/browse.py
index 490c0cf..17dd45a 100644
--- a/fietsboek/views/browse.py
+++ b/fietsboek/views/browse.py
@@ -3,7 +3,7 @@ from io import RawIOBase
 from zipfile import ZipFile, ZIP_DEFLATED
 
 from pyramid.view import view_config
-from pyramid.httpexceptions import HTTPForbidden
+from pyramid.httpexceptions import HTTPForbidden, HTTPNotFound
 from pyramid.response import Response
 
 from sqlalchemy import select
@@ -87,6 +87,9 @@ def archive(request):
     tracks = session.execute(
         select(models.Track).filter(models.Track.id.in_(track_ids))).scalars().fetchall()
 
+    if len(tracks) != len(track_ids):
+        return HTTPNotFound()
+
     for track in tracks:
         if not track.is_visible_to(request.identity):
             return HTTPForbidden()
author	Daniel Schadt <kingdread@gmx.de>	2022-07-17 20:56:03 +0200
committer	Daniel Schadt <kingdread@gmx.de>	2022-07-17 20:56:03 +0200
commit	d8ba9371656f9bd1492b9fbe13234f216ebbd240 (patch)
tree	673a0664cf847357a64bcae1d2bf7d2d33ee6bdd
parent	7e86285887866ed10bc9868a0f9aa3b5e5094aba (diff)
download	fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.tar.gz fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.tar.bz2 fietsboek-d8ba9371656f9bd1492b9fbe13234f216ebbd240.zip