Conservancy/reimbursinator
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #128 from danieldupriest/user_check_final

Browse source 
added conditional to check user in finalize_report()
This commit is contained in:
Logan Miller 2019-03-08 23:37:52 -08:00 committed by GitHub
commit 5259738a3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
back/backend/views.py
View file

@ -242,6 +242,10 @@ def finalize_report(request, report_pk):
:param report_pk: report ID :param report_pk: report ID
:return: JSON response containing user message :return: JSON response containing user message
""" """
# Check that the user owns the report
if not user_owns_report(user=request.user, report=report_pk):
return JsonResponse({"message": "Current user does not own the specified report."}, status=401)
r = Report.objects.get(id=report_pk) r = Report.objects.get(id=report_pk)
if r.submitted: if r.submitted:
return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=409) return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=409)