| # ASF members and PMC chairs can post anything, everybody else can only post | |
| # to updates for the PMCs that they belong to. | |
| user = env.respond_to?(:user) && ASF::Person.find(env.user) | |
| unless !user or user.asf_chair_or_member? | |
| projects = user.committees.map(&:name) | |
| @report_status.each do |project, status| | |
| unless projects.include? project | |
| status 403 # Forbidden | |
| return "Not authorized to post #{project}" | |
| end | |
| end | |
| end | |
| # apply the updates | |
| Reporter.drafts env, @report_status |