diff -r e68fd70ba076 -r 0a4c1af700a0 app/soc/views/helper/access.py
--- a/app/soc/views/helper/access.py	Tue Feb 03 13:27:52 2009 +0000
+++ b/app/soc/views/helper/access.py	Tue Feb 03 13:50:41 2009 +0000
@@ -92,6 +92,9 @@
 DEF_NEED_PICK_ARGS_MSG = ugettext(
   'The "continue" and "field" args are not both present.')
 
+DEF_REVIEW_COMPLETED_MSG = ugettext(
+    'This Application can not be reviewed anymore (it has been completed or rejected)')
+
 DEF_REQUEST_COMPLETED_MSG = ugettext(
   'This request cannot be accepted (it is either completed or denied).')
 
@@ -117,6 +120,21 @@
     ' <li>the account is a former account that cannot be used again</li>'
     '</ul>')
 
+
+def allowSidebar(fun):
+  """Decorator that allows access if the sidebar is calling.
+  """
+
+  from functools import wraps
+
+  @wraps(fun)
+  def wrapper(self, django_args, *args, **kwargs):
+    if django_args.get('SIDEBAR_CALLING'):
+      return
+    return fun(self, django_args, *args, **kwargs)
+  return wrapper
+
+
 def denySidebar(fun):
   """Decorator that denies access if the sidebar is calling.
   """
@@ -661,7 +679,7 @@
 
   @allowDeveloper
   def checkCanEditGroupApp(self, django_args, group_app_logic):
-    """Checks if the group_app in args is valid to be edited.
+    """Checks if the group_app in args is valid to be edited by the current user.
 
     Args:
       group_app_logic: A logic instance for the Group Application
@@ -686,6 +704,34 @@
     raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
 
 
+  @allowSidebar
+  def checkCanReviewGroupApp(self, django_args, group_app_logic):
+    """Checks if the group_app in args is valid to be reviewed.
+
+    Args:
+      group_app_logic: A logic instance for the Group Application
+    """
+
+    if 'link_id' not in django_args:
+      # calling review overview, so we can't check a specified entity
+      return
+
+    fields = {
+        'link_id': django_args['link_id'],
+        'status' : ['needs review', 'accepted', 'rejected', 'ignored']
+        }
+
+    if 'scope_path' in django_args:
+      fields['scope_path'] = django_args['scope_path']
+
+    entity = group_app_logic.getForFields(fields)
+
+    if entity:
+      return
+
+    raise out_of_band.AccessViolation(message_fmt=DEF_REVIEW_COMPLETED_MSG)
+
+
   @allowDeveloper
   def checkIsApplicationAccepted(self, django_args, app_logic):
     """Returns an alternate HTTP response if Google Account has no Club App