[extensions-web/wip/media-permissions] extensions: properly check user permissions for media upload
- From: Yuri Konotopov <ykonotopov src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [extensions-web/wip/media-permissions] extensions: properly check user permissions for media upload
- Date: Tue, 26 May 2020 20:21:47 +0000 (UTC)
commit ddbc8e414cc3d63bc3bf6a508165dffefe1871be
Author: Yuri Konotopov <ykonotopov gnome org>
Date: Wed May 27 00:18:03 2020 +0400
extensions: properly check user permissions for media upload
sweettooth/extensions/views.py | 6 ++++++
1 file changed, 6 insertions(+)
---
diff --git a/sweettooth/extensions/views.py b/sweettooth/extensions/views.py
index cbf85f5..47df3a1 100644
--- a/sweettooth/extensions/views.py
+++ b/sweettooth/extensions/views.py
@@ -346,6 +346,9 @@ def ajax_inline_edit_view(request, extension):
@require_POST
@model_view(models.Extension)
def ajax_upload_screenshot_view(request, extension):
+ if not extension.user_can_edit(request.user):
+ return HttpResponseForbidden()
+
extension.screenshot = request.FILES['file']
extension.save(replace_metadata_json=False)
return extension.screenshot.url
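Review bot: After the new permission check, `request.FILES['file']` is still assigned straight to `extension.screenshot` with no size or content check visible in this hunk, and the same holds for `extension.icon` in ajax_upload_icon_view in the next hunk. Django's `Model.save()` does not run field validators, so whatever the field type is (not visible here), nothing on this path confirms the upload is an image before it is stored and served from the media URL. Validating before the assignment would close that, for example `upload = forms.ImageField().clean(request.FILES['file'])` with the resulting `ValidationError` turned into a 400, plus an explicit size cap. Whether `forms` is imported in views.py is not visible, and the decorator stack may begin above the hunk.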
@@ -354,6 +357,9 @@ def ajax_upload_screenshot_view(request, extension):
@require_POST
@model_view(models.Extension)
def ajax_upload_icon_view(request, extension):
+ if not extension.user_can_edit(request.user):
+ return HttpResponseForbidden()
+
extension.icon = request.FILES['file']
extension.save(replace_metadata_json=False)
return extension.icon.url
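Review bot: `request.FILES['file']` raises `MultiValueDictKeyError` when an authorised user posts without a `file` part, which surfaces as a 500 unless a decorator outside the hunk catches it. Reading it with `upload = request.FILES.get('file')` and returning `HttpResponseBadRequest()` when `upload is None` makes the failure explicit and keeps malformed requests out of the error logs. The identical line in ajax_upload_screenshot_view in the previous hunk would need the same change. Whether `HttpResponseBadRequest` is already imported next to `HttpResponseForbidden` is not visible here.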