From 9590c0afa768393577d8daefbcc25d444e86747a Mon Sep 17 00:00:00 2001
From: Brian Simpson
Date: Wed, 16 Apr 2014 14:41:35 -0400
Subject: [PATCH] PromoteListingController: return 403 for non-sponsors on special sorts.
---
 r2/r2/controllers/promotecontroller.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/r2/r2/controllers/promotecontroller.py b/r2/r2/controllers/promotecontroller.py
index 3637a65ca..a75dc5c58 100644
--- a/r2/r2/controllers/promotecontroller.py
+++ b/r2/r2/controllers/promotecontroller.py
@@ -412,6 +412,11 @@ class PromoteListingController(ListingController):
 if not c.user_is_loggedin or not c.user.email_verified:
 # never reached--see MinimalController.on_validation_error
 return self.redirect("/ad_inq")
+
+ if (sort in ('underdelivered', 'reported', 'house') and
+ not c.user_is_sponsor):
+ self.abort403()
+
 self.sort = sort
 self.sr = None
 if sr and sr == Frontpage.name:
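Review bot: The sponsor-only sorts are gated by an inline literal, `sort in ('underdelivered', 'reported', 'house')`, which works as a denylist: any sponsor-only sort added later stays reachable by non-sponsors until someone remembers to extend this tuple. Consider defining the set once next to the sort definitions and testing against it, e.g. `if sort in self.SPONSOR_ONLY_SORTS and not c.user_is_sponsor:` (the name is only a suggestion), or inverting the check so non-sponsors are limited to an explicit list of permitted sorts. The guard also relies on `self.abort403()` raising; its definition is not visible here, so if it can return normally the following `self.sort = sort` still runs, and `return self.abort403()` would make the stop explicit. A short comment such as `# these sorts are sponsor-only; everyone else gets a 403` would record the intent at the check. The enclosing method starts above the hunk and continues past it.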