From 9095434ac66cc305699802245ce9561186f72d20 Mon Sep 17 00:00:00 2001
From: Taras Semenenko
Date: Wed, 3 Feb 2016 00:15:07 +0300
Subject: [PATCH] Raise 404 for any object within disabled project for non-admins

Fix #4439
---
 pootle/apps/pootle_project/views.py | 5 ++++-
 pootle/apps/pootle_translationproject/views.py | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pootle/apps/pootle_project/views.py b/pootle/apps/pootle_project/views.py
index 3dbe741e031..cbb98dfb3d7 100644
--- a/pootle/apps/pootle_project/views.py
+++ b/pootle/apps/pootle_project/views.py
@@ -49,9 +49,12 @@ def permission_context(self):

 @cached_property
 def project(self):
- return get_object_or_404(
+ project = get_object_or_404(
 Project.objects.select_related("directory"),
 code=self.kwargs["project_code"])
+ if project.disabled and not self.request.profile.is_superuser:
+ raise Http404
+ return project

 @property
 def url_kwargs(self):
diff --git a/pootle/apps/pootle_translationproject/views.py b/pootle/apps/pootle_translationproject/views.py
index c90c1f9f97d..b860f55bf7b 100644
--- a/pootle/apps/pootle_translationproject/views.py
+++ b/pootle/apps/pootle_translationproject/views.py
@@ -143,6 +143,8 @@ def tp(self):

 @cached_property
 def project(self):
+ if self.tp.project.disabled and not self.request.profile.is_superuser:
+ raise Http404
 return self.tp.project

 @cached_property
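Review bot: The access rule `project.disabled and not self.request.profile.is_superuser` is written out in `project` here and again in pootle/apps/pootle_translationproject/views.py, so the two copies can drift apart and any other lookup of a Project by code gets no check at all. A single helper, for example a manager method that excludes disabled projects for non-superusers, would give one place to audit. The new `raise Http404` needs `Http404` imported in this module; the import lines are outside the hunk, so that should be confirmed. The class that owns `project` starts and ends outside the hunk.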
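Review bot: In pootle_translationproject/views.py the guard added to `project` only runs when a view reads `self.project`; the translation project itself is loaded by `tp` (named in the hunk header, body not shown), so a code path that uses `self.tp` alone would presumably still return a disabled project's data to a non-superuser. Enforcing the rule where `tp` is resolved, or in the view's dispatch, would make it independent of which cached property happens to be evaluated. If the check stays in `project`, a comment such as `# access check: must be evaluated before any tp data is returned` would record that dependency for later maintainers.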