From 8af45fbb9a79451d25ec790740d8915bf8294efd Mon Sep 17 00:00:00 2001
From: Vaibhav Mule <vaibhavmule135@gmail.com>
Date: Tue, 12 May 2020 17:41:54 +0530
Subject: [PATCH] raise 404 for user other than applicant
---
hypha/apply/funds/views.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hypha/apply/funds/views.py b/hypha/apply/funds/views.py
index 03da1ac90..7cd743001 100644
--- a/hypha/apply/funds/views.py
+++ b/hypha/apply/funds/views.py
@@ -90,6 +90,7 @@ from .tables import (
SummarySubmissionsTable,
)
from .workflow import (
+ DRAFT,
INITIAL_STATE,
PHASES_MAPPING,
STAGE_CHANGE_ACTIONS,
@@ -696,6 +697,8 @@ class AdminSubmissionDetailView(ReviewContextMixin, ActivityContextMixin, Delega
def dispatch(self, request, *args, **kwargs):
submission = self.get_object()
+ if submission.status == DRAFT:
+ raise Http404
redirect = SubmissionSealedView.should_redirect(request, submission)
return redirect or super().dispatch(request, *args, **kwargs)
@@ -720,6 +723,8 @@ class ReviewerSubmissionDetailView(ReviewContextMixin, ActivityContextMixin, Del
def dispatch(self, request, *args, **kwargs):
submission = self.get_object()
+ if submission.status == DRAFT:
+ raise Http404
# If the requesting user submitted the application, return the Applicant view.
# Reviewers may sometimes be applicants as well.
if submission.user == request.user:
@@ -732,6 +737,8 @@ class PartnerSubmissionDetailView(ActivityContextMixin, DelegateableView, Detail
form_views = [CommentFormView]
def get_object(self):
+ if submission.status == DRAFT:
+ raise Http404
return super().get_object().from_draft()
def dispatch(self, request, *args, **kwargs):
@@ -754,6 +761,8 @@ class CommunitySubmissionDetailView(ReviewContextMixin, ActivityContextMixin, De
def dispatch(self, request, *args, **kwargs):
submission = self.get_object()
+ if submission.status == DRAFT:
+ raise Http404
# If the requesting user submitted the application, return the Applicant view.
# Reviewers may sometimes be applicants as well.
if submission.user == request.user:
--
GitLab