Google Git
Sign in
melange / soc / eb7752d234b6f48ae7ac16ccba73524498485a89
commiteb7752d234b6f48ae7ac16ccba73524498485a89[log] [tgz]
authorMadhsudan.C.S <madhusudancs@google.com>Wed Feb 12 21:14:34 2014 -0800
committerMadhsudan.C.S <madhusudancs@google.com>Wed Feb 12 23:59:50 2014 -0800
tree165dade77bdcd442a61e0d50259b68d8c15d29e7
parent05e6a4f1142323bc7a8d67be2843744bbe202782 [diff]
Fix the access checks for org application submission.

The current access checks are too liberal in giving access to org admins
of any organization to view and edit the org applications of any other
organization which is quite dangerous. This commit fixes the problem by
using the right access checks. The checks include validating the currently
logged in user as an org admin for the org application he is trying to
access and if the application is still not accepted or rejected. There is
no point in allowing org admins to edit the org application questionnaire
after they are accepted or rejected.

Thanks to the org admin with IRC nick olly_ who reported this.
1 file changed
tree: 165dade77bdcd442a61e0d50259b68d8c15d29e7
  1. app/
  2. mockups/
  3. patches/
  4. scripts/
  5. tests/
  6. .gitignore
  7. AUTHORS
  8. bootstrap.py
  9. buildout.cfg
  10. docs.config
  11. Gruntfile.js
  12. LICENSE-2.0.txt
  13. package.json
  14. pavement.py
  15. pylintrc
  16. README.md
  17. setup.cfg
  18. setup.py
  19. testem.json
README.md

Melange -- Spice of Creation