Only allow users matching the team invite to accept, if the invite was specified for a user (rather than an email)
This commit is contained in:
Joseph Schorr
parent
c5ca46a14b
commit
10faa7de84
7 changed files with 24 additions and 21 deletions
|
|
@ -1988,6 +1988,12 @@ def delete_team_invite(code, user=None):
|
|||
def confirm_team_invite(code, user):
|
||||
found = lookup_team_invite(code)
|
||||
|
||||
# If the invite is for a specific user, we have to confirm that here.
|
||||
if found.user is not None and found.user != user:
|
||||
message = """This invite is intended for user "%s".
|
||||
Please login to that account and try again.""" % found.user.username
|
||||
raise DataModelException(message)
|
||||
|
||||
# Add the user to the team.
|
||||
try:
|
||||
add_user_to_team(user, found.team)
|
||||
|
|
|
|||
Reference in a new issue