From 48894567c3add2f7e5bf7bb9b98c8641e016b9c4 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Fri, 9 Apr 2021 20:12:30 +0200
Subject: [PATCH] check if the validate user is one of the users of the trade
---
 ereuse_devicehub/resources/action/views.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ereuse_devicehub/resources/action/views.py b/ereuse_devicehub/resources/action/views.py
index bf5b86eb..050e6c2d 100644
--- a/ereuse_devicehub/resources/action/views.py
+++ b/ereuse_devicehub/resources/action/views.py
@@ -363,6 +363,9 @@ class ActionView(View):
 """
 if offer.user_from_id and offer.user_to_id:
+ # check than the user than want to do the action is one of the users
+ # involved in the action
+ assert g.user.id in [offer.user_from_id, offer.user_to_id]
 return
 if offer.user_from_id and not offer.user_to_id:
@@ -403,6 +406,7 @@ class ActionView(View):
 # Create a new Trade
 trade = Trade(accepted_by_from=True,
 accepted_by_to=True,
+ confirm_transfer=True,
 offer=offer,
 devices=offer.devices
 )
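Review bot: The authorization check added in the `if offer.user_from_id and offer.user_to_id:` branch is written as an `assert`, which Python strips when run with `-O` or `PYTHONOPTIMIZE`, so the test that `g.user.id` is a party to the trade would silently vanish in an optimized deployment. When it does fire it raises `AssertionError`, which a client would most likely see as a server error rather than a refusal. Make it an explicit test, `if g.user.id not in (offer.user_from_id, offer.user_to_id):`, followed by raising a 403-style error (for example werkzeug's `Forbidden`, if that is available in views.py). The enclosing method starts before the hunk and the `if offer.user_from_id and not offer.user_to_id:` branch continues past it, so whether the other branches check the requester cannot be seen here. The comment would read more clearly as `# the requesting user must be one of the two users involved in the trade`.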
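Review bot: `confirm_transfer=True` is added to the `Trade(...)` call next to `accepted_by_from=True` and `accepted_by_to=True` without a comment, and the commit subject does not mention it. The conditions that lead to this call are outside the hunk, so it is not visible whether both parties have agreed at this point; if one has not, the trade is stored as accepted and confirmed on their behalf. A short comment above the call, along the lines of `# created already accepted and confirmed because <reason>`, would let a reader check that this state is intended.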