Skip to content

allgo
allgo
Commit 1ef3517e authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files
Options

add TODOs

parent f2e3b0f1
Pipeline #57579 failed with stage
    in 1 minute and 9 seconds
    Hide whitespace changes
    Inline Side-by-side
    Showing with 4 additions and 0 deletions
    django/allgo/main/views.py
    View file @ 1ef3517e
    ......@@ -152,6 +152,9 @@ class LegacyWebappDetail(SingleObjectMixin, RedirectView):
    # WEBAPPS
    # -----------------------------------------------------------------------------
    # FIXME: should merge WebappList with UserWebappList
    # FIXME: should filter out webapps that have not published versions and that do not belong to the current user
    class WebappList(AllAccessMixin, ListView):
    """ Display a paginated list of available webapps.
    ......@@ -200,6 +203,7 @@ class UserWebappList(AllAccessMixin, ListView):
    def get_queryset(self):
    """Filter apps for a given user"""
    # FIXME: infoleak: any user can display all the apps of any user
    user = User.objects.get(username=self.kwargs['username'])
    queryset = Webapp.objects.filter(user=user)
    return queryset
    ......
    Markdown is supported
    0% or
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment