For function edit_queue and run_queue, it would be better if you check whether the current user who try to go to these page is the real business owner or not and if not redirect to home page with messages.
def edit_queue(request, pk):
business = get_object_or_404(Business, user=request.user)
try:
queue = Queue.objects.get(pk=pk, business=business)
except Queue.DoesNotExist:
messages.error(request, "You can not edit this queue")
return redirect('business:home')
For function edit_queue and run_queue, it would be better if you check whether the current user who try to go to these page is the real business owner or not and if not redirect to home page with messages.
def edit_queue(request, pk): business = get_object_or_404(Business, user=request.user) try: queue = Queue.objects.get(pk=pk, business=business) except Queue.DoesNotExist: messages.error(request, "You can not edit this queue") return redirect('business:home')