Prevent reviewing unapproved packages

rubenwardy 2023-01-02 15:51:19 +00:00
parent d3bdf4cf03
commit 18f70738d0
2 changed files with 22 additions and 13 deletions

@ -25,7 +25,7 @@ from flask_wtf import FlaskForm
from wtforms import *
from wtforms.validators import *
from app.models import db, PackageReview, Thread, ThreadReply, NotificationType, PackageReviewVote, Package, UserRank, \
Permission, AuditSeverity
Permission, AuditSeverity, PackageState
from app.utils import is_package_page, addNotification, get_int_or_abort, isYes, is_safe_url, rank_required, addAuditLog
from app.tasks.webhooktasks import post_discord_webhook
@ -54,6 +54,9 @@ def review(package):
flash(gettext("You can't review your own package!"), "danger")
return redirect(package.getURL("packages.view"))
if package.state != PackageState.APPROVED:
abort(404)
review = PackageReview.query.filter_by(package=package, author=current_user).first()
can_review = review is not None or current_user.canReviewRL()
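Review bot: The approval check in `review` sits after the own-package branch, so (judging by the flash text above it) a maintainer of an unapproved package still gets the flash and redirect instead of the 404. Moving `if package.state != PackageState.APPROVED:` / `abort(404)` to the top of the function would make the package state the first decision. The import list includes `PackageReviewVote`, so this module presumably also has vote or delete routes for reviews. Those are outside the hunk; if they exist, they should apply the same check, ideally through one shared helper so the rule cannot drift between routes. A short comment such as `# Reviews are only accepted on approved packages` would record the intent; `review` starts and ends outside the hunk.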

@ -297,22 +297,28 @@
<h2 id="reviews" class="mt-0">{{ _("Reviews") }}</h2>
{% from "macros/reviews.html" import render_reviews, render_review_form, render_review_preview with context %}
{% if current_user.is_authenticated %}
{% if has_review %}
<p>
<a class="btn btn-primary" href="{{ package.getURL("packages.review") }}">
{{ _("Edit Review") }}
</a>
</p>
{% elif current_user in package.maintainers %}
<p>
{{ _("You can't review your own package.") }}
</p>
{% if package.state.name == "APPROVED" %}
{% if current_user.is_authenticated %}
{% if has_review %}
<p>
<a class="btn btn-primary" href="{{ package.getURL("packages.review") }}">
{{ _("Edit Review") }}
</a>
</p>
{% elif current_user in package.maintainers %}
<p>
{{ _("You can't review your own package.") }}
</p>
{% else %}
{{ render_review_preview(package) }}
{% endif %}
{% else %}
{{ render_review_preview(package) }}
{% endif %}
{% else %}
{{ render_review_preview(package) }}
<p>
{{ _("Package needs to be approved before it can be reviewed.") }}
</p>
{% endif %}
{% if current_user.is_authenticated and current_user.rank.atLeast(current_user.rank.ADMIN) %}
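Review bot: The template gates the review controls on `package.state.name == "APPROVED"`, a string comparison, while the view compares against `PackageState.APPROVED`. If the enum member is ever renamed, this branch would silently show "needs to be approved" for every package without raising an error. Prefer one source of truth, for example a boolean computed in the view from the enum and passed to the template. Also add a Jinja comment such as `{# UI hint only; the review view enforces the approved state #}` so this block is not mistaken for the access control. The surrounding reviews section continues outside the hunk.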