extensions/models.py

@@ -294,7 +294,9 @@ class Extension(CreatedModifiedMixin, RatingMixin, TrackChangesMixin, models.Mod
     def latest_version(self):
         """Retrieve the latest version."""
         versions = [
-            v for v in self.versions.all() if v.file and v.file.status in self.valid_file_statuses
+            v
+            for v in self.versions.select_related('file', 'file__validation').all()
+            if v.file and v.file.status in self.valid_file_statuses
         ]
         if not versions:
             return None
@@ -353,7 +355,7 @@ class Extension(CreatedModifiedMixin, RatingMixin, TrackChangesMixin, models.Mod
         """Return True if given user is listed as a maintainer."""
         if user is None or user.is_anonymous:
             return False
-        return self.authors.filter(maintainer__user_id=user.pk).exists()
+        return user in self.authors.all()
 
     def can_rate(self, user) -> bool:
         """Return True if given user can rate this extension.
@@ -368,6 +370,14 @@ class Extension(CreatedModifiedMixin, RatingMixin, TrackChangesMixin, models.Mod
             ).exists()
         )
 
+    def suspicious_files(self):
+        versions = (
+            self.versions.select_related('file', 'file__validation')
+            .filter(file__validation__is_ok=False)
+            .all()
+        )
+        return [v.file for v in versions]
+
     @classmethod
     def get_lookup_field(cls, identifier):
         lookup_field = 'pk'

extensions/templates/extensions/detail.html

@@ -5,11 +5,7 @@
 {% block page_title %}{{ extension.name }}{% endblock page_title %}
 
 {% block content %}
-  {% if extension.latest_version %}
+  {% include "files/components/scan_details.html" with suspicious_files=extension.suspicious_files %}
-    {% with latest=extension.latest_version %}
-      {% include "files/components/scan_details.html" with file=latest.file %}
-    {% endwith %}
-  {% endif %}
 
   {% has_maintainer extension as is_maintainer %}
   {% with latest=extension.latest_version %}
@@ -55,7 +51,7 @@
         {% if extension.versions.listed|length > 1 %}
         <p>
           <a href="{{ extension.get_versions_url }}" class="d-block mt-3">
-            See all changelogs
+            See all versions
           </a>
         </p>
         {% endif %}

extensions/views/manage.py

@@ -42,7 +42,12 @@ class ExtensionDetailView(ExtensionQuerysetMixin, DetailView):
         * maintainers should be able to preview their yet unlisted add-ons;
         * staff should be able to preview yet unlisted add-ons;
         """
-        return self.get_extension_queryset()
+        return self.get_extension_queryset().prefetch_related(
+            'authors',
+            'versions',
+            'versions__file',
+            'versions__file__validation',
+        )
 
     def get_object(self, queryset=None):
         """Record a page view when returning the Extension object."""

files/templates/files/components/scan_details.html

@@ -1,21 +1,19 @@
 {% load common i18n %}
 {# FIXME: we might want to rephrase is_moderator in terms of Django's (group) permissions #}
 {% if perms.files.view_file or request.user.is_moderator %}
-  {% with file_validation=file.validation %}
+  {% if suspicious_files %}
-    {% if file_validation and not file_validation.is_ok %}
+    <section>
-      <section>
+      <div class="card pb-3 pt-4 px-4 mb-3 ext-detail-download-danger">
-        <div class="card pb-3 pt-4 px-4 mb-3 ext-detail-download-danger">
+        <h3>⚠&nbsp;{% trans "Suspicious upload" %}</h3>
-          <h3>⚠&nbsp;{% trans "Suspicious upload" %}</h3>
+	{% blocktrans asvar alert_text %}Scan of the {{ suspicious_files.0 }} indicates malicious content.{% endblocktrans %}
-          {% blocktrans asvar alert_text %}Scan of the {{ file }} indicates malicious content.{% endblocktrans %}
+        <h4>
-          <h4>
+          {{ alert_text }}
-            {{ alert_text }}
+          {% if perms.files.view_file %}{# Moderators don't necessarily have access to the admin #}
-            {% if perms.files.view_file %}{# Moderators don't necessarily have access to the admin #}
+            {% url 'admin:files_file_change' suspicious_files.0.pk as admin_file_url %}
-              {% url 'admin:files_file_change' file.pk as admin_file_url %}
+            <a href="{{ admin_file_url }}" target="_blank">{% trans "See details" %}</a>
-              <a href="{{ admin_file_url }}" target="_blank">{% trans "See details" %}</a>
+          {% endif %}
-            {% endif %}
+        </h4>
-          </h4>
+      </div>
-        </div>
+    </section>
-      </section>
+  {% endif %}
-    {% endif %}
-  {% endwith %}
 {% endif %}

files/templates/files/components/scan_details_flag.html

@@ -1,10 +1,8 @@
 {% load common i18n %}
 {# FIXME: we might want to rephrase is_moderator in terms of Django's (group) permissions #}
 {% if perms.files.view_file or request.user.is_moderator %}
-  {% with file_validation=file.validation %}
+  {% if suspicious_files %}
-    {% if file_validation and not file_validation.is_ok %}
+    {% blocktrans asvar alert_text %}Scan of the {{ suspicious_files.0 }} indicates malicious content.{% endblocktrans %}
-      {% blocktrans asvar alert_text %}Scan of the {{ file }} indicates malicious content.{% endblocktrans %}
+    <b class="text-danger pt-2" title="{{ alert_text }}">⚠</b>
-      <b class="text-danger pt-2" title="{{ alert_text }}">⚠</b>
+  {% endif %}
-    {% endif %}
-  {% endwith %}
 {% endif %}

reviewers/templates/reviewers/components/review_list_item.html

@@ -15,7 +15,7 @@
     <a href="{{ extension.get_review_url }}#activity-{{ stats.last_activity.id }}" class="ml-3">
       <span>{{ stats.last_activity.date_created|naturaltime_compact }}</span>
     </a>
-    {% include "files/components/scan_details_flag.html" with file=extension.latest_version.file %}
+    {% include "files/components/scan_details_flag.html" with suspicious_files=extension.suspicious_files %}
   </td>
   <td>
     <a href="{{ extension.get_review_url }}" class="text-decoration-none">