Commit 40a6c062 authored by Baptiste Mouterde's avatar Baptiste Mouterde Committed by ikoalaz
Browse files

comment : add security check for rating own comment

parent f33891ff
......@@ -257,6 +257,9 @@ class CommentsController(BaseController):
log.debug('trying to get a comment that doesn\'t exist %s' % comment_id)
return msg.call_msg('failure', 'this comment doesn\'t exist', comment_id)
# creating a comments_score
if user.id==comment.user_id:
log.debug('user can\'t rate his own comments!')
return msg.call_msg('failure','you can\'t rate your own comment')
data = {'user': user, 'package_comment': comment, 'value': good}
#testing if the user already vote for this
comment_score = meta.session.query(CommentsScore).filter_by(package_comments_id=comment.id,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment