[extensions-web] views: Prevent an extension author from activating an unreviewed/rejected extension

From: Jasper St. Pierre <jstpierre src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web] views: Prevent an extension author from activating an unreviewed/rejected extension
Date: Tue, 1 May 2012 07:59:30 +0000 (UTC)

commit 606034335d5614afd809d4e0204669073a90f740
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Tue May 1 03:59:20 2012 -0400

    views: Prevent an extension author from activating an unreviewed/rejected extension
    
    Oops

 sweettooth/extensions/views.py |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/sweettooth/extensions/views.py b/sweettooth/extensions/views.py
index 2be104c..4c8ce2a 100644
--- a/sweettooth/extensions/views.py
+++ b/sweettooth/extensions/views.py
@@ -364,6 +364,9 @@ def ajax_set_status_view(request, newstatus):
     if not extension.user_can_edit(request.user):
         return HttpResponseForbidden()
 
+    if version.status not in (models.STATUS_ACTIVE, models.STATUS_INACTIVE):
+        return HttpResponseForbidden()
+
     version.status = newstatus
     version.save()

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]