summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-11-03 21:20:28 -0500
committerDan McGee <dan@archlinux.org>2011-11-03 21:20:28 -0500
commit800ea45528e297c38e068775951e666f8191ef45 (patch)
tree80afe3c0ef58bed6c906e4c67d0f8a2a532a789d
parent5f2c3bf98baabf919681525e600639643aa2c119 (diff)
Ensure signoffs can only be created if allowed
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--packages/views.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/packages/views.py b/packages/views.py
index 307691e2..00dd7f7d 100644
--- a/packages/views.py
+++ b/packages/views.py
@@ -388,9 +388,10 @@ def signoffs(request):
def signoff_package(request, name, repo, arch, revoke=False):
packages = get_list_or_404(Package, pkgbase=name,
arch__name=arch, repo__name__iexact=repo, repo__testing=True)
-
package = packages[0]
+ spec = SignoffSpecification.objects.get_or_default_from_package(package)
+
if revoke:
try:
signoff = Signoff.objects.get_from_package(
@@ -401,11 +402,13 @@ def signoff_package(request, name, repo, arch, revoke=False):
signoff.save()
created = False
else:
+ # ensure we should even be accepting signoffs
+ if spec.known_bad or not spec.enabled:
+ return render(request, '403.html', status=403)
signoff, created = Signoff.objects.get_or_create_from_package(
package, request.user)
all_signoffs = Signoff.objects.for_package(package)
- spec = SignoffSpecification.objects.get_or_default_from_package(package)
if request.is_ajax():
data = {