From 354b818ff51224700561701cea714becda619268 Mon Sep 17 00:00:00 2001
From: Will Thompson <will@willthompson.co.uk>
Date: Thu, 9 Jul 2015 13:44:10 +0100
Subject: [PATCH 2/2] editAnnotation: explicitly refuse to change layer

---
 pandora/annotation/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pandora/annotation/views.py b/pandora/annotation/views.py
index 1ce342d..f11cc14 100644
--- a/pandora/annotation/views.py
+++ b/pandora/annotation/views.py
@@ -278,6 +278,9 @@ def editAnnotation(request, data):
     a = get_object_or_404_json(models.Annotation, public_id=data['id'])
     if a.editable(request.user):
         layer = get_by_id(settings.CONFIG['layers'], a.layer)
+        if 'layer' in data and data['layer'] != a.layer:
+            response = json_response(status=400, text='cannot change annotation layer')
+            return render_to_json_response(response)
         for key in ('value', 'in', 'out'):
             if key in data:
                 if key == 'value' and layer['type'] == 'entity':
-- 
2.4.3