From c0cd3e166120b0859a10d5e7fca5079eb7c8ee0e Mon Sep 17 00:00:00 2001
From: Lucas McCullum <lumccul3@gmail.com>
Date: Thu, 4 Feb 2021 08:59:47 -0500
Subject: [PATCH] Prevents user from adding themselves as a references

---
 physionet-django/user/forms.py | 12 +++++++++++-
 physionet-django/user/views.py |  4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/physionet-django/user/forms.py b/physionet-django/user/forms.py
index 8b9828c331..70fdd30c43 100644
--- a/physionet-django/user/forms.py
+++ b/physionet-django/user/forms.py
@@ -445,6 +445,12 @@ class Meta:
             'reference_title': 'Reference job title or position'
         }
 
+    def __init__(self, user, *args, **kwargs):
+        """
+        This form is only for processing post requests.
+        """
+        super().__init__(*args, **kwargs)
+        self.user = user
 
     def clean_reference_name(self):
         reference_name = self.cleaned_data.get('reference_name')
@@ -454,7 +460,11 @@ def clean_reference_name(self):
     def clean_reference_email(self):
         reference_email = self.cleaned_data.get('reference_email')
         if reference_email:
-            return reference_email.strip()
+            if reference_email in self.user.get_emails():
+                raise forms.ValidationError("""You can not put yourself
+                    as a reference.""")
+            else:
+                return reference_email.strip()
 
     def clean_reference_title(self):
         reference_title = self.cleaned_data.get('reference_title')
diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py
index b8c38c0b65..001f454886 100644
--- a/physionet-django/user/views.py
+++ b/physionet-django/user/views.py
@@ -522,7 +522,7 @@ def credential_application(request):
         training_form = forms.TrainingCAF(data=request.POST,
             files=request.FILES, prefix="application")
         research_form = forms.ResearchCAF(data=request.POST, prefix="application")
-        reference_form = forms.ReferenceCAF(data=request.POST, prefix="application")
+        reference_form = forms.ReferenceCAF(data=request.POST, prefix="application", user=user)
 
         form = forms.CredentialApplicationForm(user=user, data=request.POST,
             files=request.FILES,  prefix="application")
@@ -539,7 +539,7 @@ def credential_application(request):
     else:
         personal_form = forms.PersonalCAF(user=user, prefix="application")
         training_form = forms.TrainingCAF(prefix="application")
-        reference_form = forms.ReferenceCAF(prefix="application")
+        reference_form = forms.ReferenceCAF(prefix="application", user=user)
         research_form = forms.ResearchCAF(prefix="application")
         form = None