diff options
author | Dan McGee <dan@archlinux.org> | 2011-11-03 21:20:28 -0500 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-11-03 21:20:28 -0500 |
commit | 800ea45528e297c38e068775951e666f8191ef45 (patch) | |
tree | 80afe3c0ef58bed6c906e4c67d0f8a2a532a789d /packages | |
parent | 5f2c3bf98baabf919681525e600639643aa2c119 (diff) |
Ensure signoffs can only be created if allowed
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'packages')
-rw-r--r-- | packages/views.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/packages/views.py b/packages/views.py index 307691e2..00dd7f7d 100644 --- a/packages/views.py +++ b/packages/views.py @@ -388,9 +388,10 @@ def signoffs(request): def signoff_package(request, name, repo, arch, revoke=False): packages = get_list_or_404(Package, pkgbase=name, arch__name=arch, repo__name__iexact=repo, repo__testing=True) - package = packages[0] + spec = SignoffSpecification.objects.get_or_default_from_package(package) + if revoke: try: signoff = Signoff.objects.get_from_package( @@ -401,11 +402,13 @@ def signoff_package(request, name, repo, arch, revoke=False): signoff.save() created = False else: + # ensure we should even be accepting signoffs + if spec.known_bad or not spec.enabled: + return render(request, '403.html', status=403) signoff, created = Signoff.objects.get_or_create_from_package( package, request.user) all_signoffs = Signoff.objects.for_package(package) - spec = SignoffSpecification.objects.get_or_default_from_package(package) if request.is_ajax(): data = { |