From 800ea45528e297c38e068775951e666f8191ef45 Mon Sep 17 00:00:00 2001
From: Dan McGee
Date: Thu, 3 Nov 2011 21:20:28 -0500
Subject: Ensure signoffs can only be created if allowed
Signed-off-by: Dan McGee
---
 packages/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/packages/views.py b/packages/views.py
index 307691e..00dd7f7 100644
--- a/packages/views.py
+++ b/packages/views.py
@@ -388,9 +388,10 @@ def signoffs(request):
 def signoff_package(request, name, repo, arch, revoke=False): packages = get_list_or_404(Package, pkgbase=name, arch__name=arch, repo__name__iexact=repo, repo__testing=True) - package = packages[0] + spec = SignoffSpecification.objects.get_or_default_from_package(package) + if revoke: try: signoff = Signoff.objects.get_from_package(
@@ -401,11 +402,13 @@ def signoff_package(request, name, repo, arch, revoke=False):
 signoff.save() created = False else: + # ensure we should even be accepting signoffs + if spec.known_bad or not spec.enabled: + return render(request, '403.html', status=403) signoff, created = Signoff.objects.get_or_create_from_package( package, request.user) all_signoffs = Signoff.objects.for_package(package) - spec = SignoffSpecification.objects.get_or_default_from_package(package) if request.is_ajax(): data = {
--
cgit v1.2.3-24-g4f1b
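Review bot: The new guard in the `else:` branch of the second hunk covers only creation; the `if revoke:` branch above it runs without consulting `spec`, so a signoff can still be revoked on a package whose specification is disabled or marked known bad. If that is intentional, say so next to the check, e.g. `# revoking stays allowed; only new signoffs are refused`, so a later reader does not take it for an omission. The refusal also returns the rendered `403.html` before the `request.is_ajax()` branch is reached, so script callers receive an HTML body rather than the JSON they get on success; returning a bare `HttpResponseForbidden()` for AJAX requests would keep the two paths consistent, assuming that class is imported in this file, which the hunk does not show. The body of `signoff_package` starts before this hunk and continues past it, so any decorators restricting who may call the view are not visible here.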