From 2327466113838e1594e25a787183fb0a2cea23eb Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Fri, 28 Aug 2020 13:55:15 +0300 Subject: [PATCH] Invitations: error when trying to invite oneself. --- django_etebase/views.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/django_etebase/views.py b/django_etebase/views.py index c45630b..c8a98fc 100644 --- a/django_etebase/views.py +++ b/django_etebase/views.py @@ -568,6 +568,10 @@ class InvitationOutgoingViewSet(InvitationBaseViewSet): except Collection.DoesNotExist: raise Http404('Collection does not exist') + if request.user == serializer.validated_data.get('user'): + content = {'code': 'self_invite', 'detail': 'Inviting yourself is invalid'} + return Response(content, status=status.HTTP_400_BAD_REQUEST) + if not permissions.is_collection_admin(collection, request.user): raise PermissionDenied('User is not an admin of this collection')