commit | eb7752d234b6f48ae7ac16ccba73524498485a89 | [log] [tgz] |
---|---|---|
author | Madhsudan.C.S <madhusudancs@google.com> | Wed Feb 12 21:14:34 2014 -0800 |
committer | Madhsudan.C.S <madhusudancs@google.com> | Wed Feb 12 23:59:50 2014 -0800 |
tree | 165dade77bdcd442a61e0d50259b68d8c15d29e7 | |
parent | 05e6a4f1142323bc7a8d67be2843744bbe202782 [diff] |
Fix the access checks for org application submission. The current access checks are too liberal in giving access to org admins of any organization to view and edit the org applications of any other organization which is quite dangerous. This commit fixes the problem by using the right access checks. The checks include validating the currently logged in user as an org admin for the org application he is trying to access and if the application is still not accepted or rejected. There is no point in allowing org admins to edit the org application questionnaire after they are accepted or rejected. Thanks to the org admin with IRC nick olly_ who reported this.
Melange -- Spice of Creation