Commit e5f0631e authored by Flavio TARSETTI's avatar Flavio TARSETTI
Browse files

[accounts] patched api as request for supervision should be made ONLY to godfather accounts

parent 744a60e1
Pipeline #11570 passed with stage
in 38 minutes and 36 seconds
......@@ -276,7 +276,32 @@ class SuperviseeAddGodfatherView(BaseCreateSupervisionTrackViewSupervisee):
permission_classes = BaseCreateSupervisionTrackViewSupervisee.permission_classes
def post(self, request, supervisor_name):
godfather = User.objects.get(username=supervisor_name)
#check if user exists and its validity and if it's a godfather account
try:
godfather = User.objects.get(username=supervisor_name)
if not godfather.profile.is_godfather:
#Not a valid godfather
reason = "Not a valid godfather request"
result = {
'error': reason,
}
return BadRequestResponse(result)
else:
if godfather.profile.status == Profile.BLOCKED:
#Not a valid godfather
reason = "Not a valid godfather request"
result = {
'error': reason,
}
return BadRequestResponse(result)
except:
#This username does not exist but don't give too much information
reason = "Not a valid godfather request"
result = {
'error': reason,
}
return BadRequestResponse(result)
supervisee = request.user
if supervisee.profile.supervision_key is not None:
#There's a key check if there's a valid track
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment