From 0ff04ae58a660bbf4740313a9e95ebc96c7fc558 Mon Sep 17 00:00:00 2001
From: iou1name <iou1name@national.shitposting.agency>
Date: Wed, 26 Feb 2020 07:15:09 -0500
Subject: [PATCH] users can only view their own gallery

---
 saddle.py             | 7 ++-----
 templates/header.html | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/saddle.py b/saddle.py
index 640303c..8e95db1 100644
--- a/saddle.py
+++ b/saddle.py
@@ -83,13 +83,10 @@ async def index(request):
 		return web.json_response(urls)
 
 
-@routes.get('/gallery/{user_id}', name='gallery')
+@routes.get('/gallery', name='gallery')
 async def gallery(request):
 	"""A user's gallery page."""
-	try:
-		user_id = int(request.match_info['user_id'])
-	except ValueError:
-		raise web.HTTPNotFound
+	user_id = int(request.cookies.get('userid'))
 
 	async with request.app['pool'].acquire() as conn:
 		uploads = await conn.fetch(
diff --git a/templates/header.html b/templates/header.html
index addf678..7639c3c 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -4,5 +4,5 @@
 </div>
 <nav>
 	<span><a href="{{ url('index') }}">Home</a></span>
-	<span><a href="{{ url('gallery', user_id=request.cookies.get('userid')) }}">Gallery</a></span>
+	<span><a href="{{ url('gallery') }}">Gallery</a></span>
 </nav>