Prevent reviewing unapproved packages

This commit is contained in:
rubenwardy 2023-01-02 15:51:19 +00:00
parent d3bdf4cf03
commit 18f70738d0
2 changed files with 22 additions and 13 deletions

@ -25,7 +25,7 @@ from flask_wtf import FlaskForm
from wtforms import *
from wtforms.validators import *
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank, \
Permission, AuditSeverity
Permission, AuditSeverity, PackageState
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required, addAuditLog
from app.tasks.webhooktasks import post_discord_webhook
@ -54,6 +54,9 @@ def review(package):
flash(gettext("You can't review your own package!"), "danger")
return redirect(package.getURL("packages.view"))
if package.state != PackageState.APPROVED:
abort(404)
review = PackageReview.query.filter_by(package=package, author=current_user).first()
can_review = review is not None or current_user.canReviewRL()

@ -297,6 +297,7 @@
<h2 id="reviews" class="mt-0">{{ _("Reviews") }}</h2>
{% from "macros/reviews.html" import render_reviews, render_review_form, render_review_preview with context %}
{% if package.state.name == "APPROVED" %}
{% if current_user.is_authenticated %}
{% if has_review %}
<p>
@ -314,6 +315,11 @@
{% else %}
{{ render_review_preview(package) }}
{% endif %}
{% else %}
<p>
{{ _("Package needs to be approved before it can be reviewed.") }}
</p>
{% endif %}
{% if current_user.is_authenticated and current_user.rank.atLeast(current_user.rank.ADMIN) %}
<a href="{{ package.getURL('packages.review_votes') }}" class="btn btn-secondary">{{ _("Review Votes") }}</a>