From aaf5ca97f92c6ff52f86063735f817a988e39d31 Mon Sep 17 00:00:00 2001
From: Lance Edgar <ledgar@sacfoodcoop.com>
Date: Thu, 24 Mar 2016 00:24:25 -0500
Subject: [PATCH] Add last-minute check to ensure master views allows deletion

Generally for the 'delete' route to even exist the master view *class*
must still allow deletions.  But once a request is involved and we have
a view *instance* then we can disable deletions if we like.
---
 tailbone/views/master.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tailbone/views/master.py b/tailbone/views/master.py
index 6d6ff383..0cca7310 100644
--- a/tailbone/views/master.py
+++ b/tailbone/views/master.py
@@ -166,6 +166,9 @@ class MasterView(View):
         """
         View for deleting an existing model record.
         """
+        if not self.deletable:
+            raise httpexceptions.HTTPForbidden()
+
         self.deleting = True
         instance = self.get_instance()
         instance_title = self.get_instance_title(instance)