#231 Add access to message confirmation link only to sender
Merged 24 days ago by bt0dotninja. Opened a month ago by shraddhaag.
fedora-commops/ shraddhaag/fedora-happiness-packets sender-confirmation-link-access  into  master

@@ -143,7 +143,7 @@ 

      template_name = 'messaging/message_sender_confirmation_sent.html'

  

  

- class MessageSenderConfirmationView(TemplateView):

+ class MessageSenderConfirmationView(LoginRequiredMixin,TemplateView):

      template_name = 'messaging/message_sender_confirmation_failed.html'

  

      def get(self, request, *args, **kwargs):

@@ -152,6 +152,8 @@ 

          except Message.DoesNotExist:

              return render(request, self.template_name, {'not_found': True})

  

+         if message.sender_email != self.request.user.email:

+             return render(request, self.template_name, {'not_sender': True})

          if message.status != Message.STATUS.pending_sender_confirmation:

              return render(request, self.template_name, {'already_confirmed': True})

  

@@ -10,6 +10,10 @@ 

          <div class="alert alert-danger">

              We couldn't find this message. Make sure that the URL is complete.

          </div>

+     {% elif not_sender %}

+         <div class="alert alert-danger">

+             The message can't be confirmed since you aren't the sender of the message.

+         </div>

      {% elif already_confirmed %}

          <div class="alert alert-info">

              You already confirmed this message.

This commit adds the following functionality:
1. User needs to be logged in to access confirmation link.
2. Only the sender of the message can successfully confirm it.
3. A alert message is displayed when a user that isn't identified
as the sender of the message accesses the confirmation link.

Pull-Request has been merged by bt0dotninja

24 days ago