Commit a39bc455 authored by Gijs Hendriksen's avatar Gijs Hendriksen
Browse files

Fixed issue where /orders/me/ still allowed you to update an already paid order

parent 52424010
......@@ -73,7 +73,7 @@ class OrderViewset(ModelViewSet):
def get_object(self):
if self.kwargs[self.lookup_field] == 'me':
order = get_object_or_404(Order,
order = get_object_or_404(self.get_queryset(),
member=self.request.user.member,
pizza_event=PizzaEvent.current())
self.check_object_permissions(self.request, order)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment