[extensions-web: 51/75] Implement ACL for review list view.

[Jasper St. Pierre <jstpierre src gnome org>]

commit 70ef0496c406cd54b076d2adb3df673c4938a76f
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Tue Sep 20 17:57:07 2011 -0400

    Implement ACL for review list view.

 sweettooth/review/urls.py  |    6 +-----
 sweettooth/review/views.py |   13 ++++++++++++-
 2 files changed, 13 insertions(+), 6 deletions(-)
---
diff --git a/sweettooth/review/urls.py b/sweettooth/review/urls.py
index 9e4bdf1..33e2005 100644
--- a/sweettooth/review/urls.py
+++ b/sweettooth/review/urls.py
@@ -3,13 +3,9 @@ from django.conf.urls.defaults import patterns, url
 from django.views.generic import ListView
 
 from review import views
-from extensions.models import ExtensionVersion, STATUS_LOCKED
 
 urlpatterns = patterns('',
-    url(r'^$', ListView.as_view(queryset=ExtensionVersion.objects.filter(status=STATUS_LOCKED),
-                                context_object_name="versions",
-                                template_name="review/list.html"), name='review-list'),
-
+    url(r'^$', views.ReviewListView.as_view(), name='review-list'),
     url(r'^ajax/v/(?P<pk>\d+)', views.AjaxGetFilesView.as_view(), name='review-ajax-files'),
     url(r'^submit/(?P<pk>\d+)', views.SubmitReviewView.as_view(), name='review-submit'),
     url(r'^(?P<pk>\d+)', views.ReviewVersionView.as_view(), name='review-version'),
diff --git a/sweettooth/review/views.py b/sweettooth/review/views.py
index a669c88..eb3d829 100644
--- a/sweettooth/review/views.py
+++ b/sweettooth/review/views.py
@@ -9,7 +9,7 @@ import pygments.util
 import pygments.lexers
 import pygments.formatters
 
-from django.views.generic import View, DetailView
+from django.views.generic import View, DetailView, ListView
 from django.views.generic.detail import SingleObjectMixin
 from django.http import HttpResponse, HttpResponseForbidden, Http404
 from django.utils.safestring import mark_safe
@@ -114,3 +114,14 @@ class ReviewVersionView(DetailView):
         previous_reviews = CodeReview.objects.filter(version__extension=self.object.extension)
         context['previous_reviews'] = previous_reviews
         return context
+
+class ReviewListView(ListView):
+    queryset=models.ExtensionVersion.objects.filter(status=models.STATUS_LOCKED)
+    context_object_name="versions"
+    template_name="review/list.html"
+
+    def get(self, request, *args, **kwargs):
+        if not request.user.has_perm("review.can-review-extensions"):
+            return HttpResponseForbidden()
+
+        return super(ReviewListView, self).get(request, *args, **kwargs)