Raise 404 for any object within disabled project for non-admins

Fix #4439

pootle/apps/pootle_project/views.py

@@ -49,9 +49,12 @@ def permission_context(self):
 
     @cached_property
     def project(self):
-        return get_object_or_404(
+        project = get_object_or_404(
             Project.objects.select_related("directory"),
             code=self.kwargs["project_code"])
+        if project.disabled and not self.request.profile.is_superuser:
+            raise Http404
+        return project
 
     @property
     def url_kwargs(self):

pootle/apps/pootle_translationproject/views.py

@@ -143,6 +143,8 @@ def tp(self):
 
     @cached_property
     def project(self):
+        if self.tp.project.disabled and not self.request.profile.is_superuser:
+            raise Http404
         return self.tp.project
 
     @cached_property