comment : add security check for rating own comment

40a6c062 · Baptiste Mouterde · ikoalaz · f33891ff · 40a6c062
Commit 40a6c062 authored Aug 13, 2012 by Baptiste Mouterde Committed by ikoalaz Aug 13, 2012
--- a/debexpo/controllers/comments.py
+++ b/debexpo/controllers/comments.py
@@ -257,6 +257,9 @@ class CommentsController(BaseController):
                log.debug('trying to get a comment that doesn\'t exist %s' % comment_id)
                return msg.call_msg('failure', 'this comment doesn\'t exist', comment_id)
                # creating a comments_score
+            if user.id==comment.user_id:
+                log.debug('user can\'t rate his own comments!')
+            return msg.call_msg('failure','you can\'t rate your own comment')
            data = {'user': user, 'package_comment': comment, 'value': good}
            #testing if the user already vote for this
            comment_score = meta.session.query(CommentsScore).filter_by(package_comments_id=comment.id,