Hello! I think there is a flaw in ProductRetrieveView when looking for a product. The product search does not include the current CMS page. As a result, the product can be opened by a link that contains someone else's category. For example, we have an apple product and it is in the fruits category and is located under the /fruits/apple link. But because of this flaw, it can be opened for another existing category of vegetables: /vegetables/apple. This is because there is no filtering on the current CMS page in the product queryset here: https://github.com/awesto/django-shop/blob/13d9a77aff7eede74a5f363c1d540e005d88dbcd/shop/views/catalog.py#L310-L321
How about add to ProductRetrieveView ability support of backend filters like CMSPagesFilterBackend?:
Hello! I think there is a flaw in ProductRetrieveView when looking for a product. The product search does not include the current CMS page. As a result, the product can be opened by a link that contains someone else's category. For example, we have an apple product and it is in the fruits category and is located under the
/fruits/applelink. But because of this flaw, it can be opened for another existing category of vegetables:/vegetables/apple. This is because there is no filtering on the current CMS page in the product queryset here: https://github.com/awesto/django-shop/blob/13d9a77aff7eede74a5f363c1d540e005d88dbcd/shop/views/catalog.py#L310-L321How about add to ProductRetrieveView ability support of backend filters like CMSPagesFilterBackend?: