diff options
| author | rubenwardy <rw@rubenwardy.com> | 2018-03-20 00:58:44 +0000 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2018-03-20 00:58:44 +0000 |
| commit | 07a9b79396fd260b2d9aa918751823c70ba709c2 (patch) | |
| tree | e9eebd6881afe69ff3a0e75b86f3eab8e43fe374 /app/views | |
| parent | bc88027fbe2039aa509de6c958a1ab3939909539 (diff) | |
| download | cheatdb-07a9b79396fd260b2d9aa918751823c70ba709c2.tar.xz | |
Check type and author in package details
Diffstat (limited to 'app/views')
| -rw-r--r-- | app/views/packages.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/views/packages.py b/app/views/packages.py index 73c9edd..8aaf324 100644 --- a/app/views/packages.py +++ b/app/views/packages.py @@ -24,7 +24,12 @@ def txp_page(): @app.route("/<type>s/<author>/<name>/") def package_page(type, author, name): - package = Package.query.filter_by(name=name).first() + user = User.query.filter_by(username=author).first() + if user is None: + abort(404) + + package = Package.query.filter_by(name=name, author_id=user.id, + type=PackageType.fromName(type)).first() if package is None: abort(404) |