aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fietsboek/views/browse.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/fietsboek/views/browse.py b/fietsboek/views/browse.py
index 490c0cf..17dd45a 100644
--- a/fietsboek/views/browse.py
+++ b/fietsboek/views/browse.py
@@ -3,7 +3,7 @@ from io import RawIOBase
from zipfile import ZipFile, ZIP_DEFLATED
from pyramid.view import view_config
-from pyramid.httpexceptions import HTTPForbidden
+from pyramid.httpexceptions import HTTPForbidden, HTTPNotFound
from pyramid.response import Response
from sqlalchemy import select
@@ -87,6 +87,9 @@ def archive(request):
tracks = session.execute(
select(models.Track).filter(models.Track.id.in_(track_ids))).scalars().fetchall()
+ if len(tracks) != len(track_ids):
+ return HTTPNotFound()
+
for track in tracks:
if not track.is_visible_to(request.identity):
return HTTPForbidden()
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 16:25:50 +0000