Raise 404 for HostingOrder not belonging to user

hosting/views.py

@@ -670,9 +670,16 @@ class OrdersHostingDetailView(LoginRequiredMixin,
     permission_required = ['view_hostingorder']
     model = HostingOrder
 
-    def get_object(self):
+    def get_object(self, queryset=None):
-        return HostingOrder.objects.get(
+        try:
-            pk=self.kwargs.get('pk')) if self.kwargs.get('pk') else None
+            hosting_order_obj = HostingOrder.objects.get(
+                pk=self.kwargs.get('pk')
+            )
+        except HostingOrder.DoesNotExist:
+            hosting_order_obj = None
+        if not self.request.user.has_perm(hosting_order_obj):
+            raise Http404
+        return hosting_order_obj
 
     def get_context_data(self, **kwargs):
         # Get context