From a0c9ea474522db2f02fe5a4ae398b4337ce3d29a Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Mon, 24 Apr 2023 14:34:01 -0400
Subject: [PATCH] The queryset is already filtered by the owner

---
 program/views.py | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/program/views.py b/program/views.py
index c4c3ae5b..5a1252b5 100644
--- a/program/views.py
+++ b/program/views.py
@@ -329,9 +329,6 @@ class APIImageViewSet(viewsets.ModelViewSet):
 
         image = self.get_object()
 
-        if image.owner != request.user.username:
-            return Response(status=status.HTTP_403_FORBIDDEN)
-
         serializer = ImageSerializer(
             image,
             data=request.data,
@@ -348,9 +345,6 @@ class APIImageViewSet(viewsets.ModelViewSet):
 
         image = self.get_object()
 
-        if image.owner != request.user.username:
-            return Response(status=status.HTTP_401_UNAUTHORIZED)
-
         image.delete()
 
         return Response(status=status.HTTP_204_NO_CONTENT)
-- 
GitLab