diff -r 7040f6533c42 -r ea6268cf8c83 src/hdalab/views/profile.py
--- a/src/hdalab/views/profile.py	Wed Sep 03 17:22:23 2014 +0200
+++ b/src/hdalab/views/profile.py	Fri Sep 05 12:43:52 2014 +0200
@@ -36,6 +36,7 @@
 
 
 import logging
+from django.http.response import Http404
 logger = logging.getLogger(__name__)
 
 
@@ -73,10 +74,8 @@
         rk.save()
         hr = HdalabRenkan()
         hr.renkan = rk
-        from random import randrange
-        hr.state = randrange(4) + 1
+        hr.state = HdalabRenkan.EDITION
         hr.save()
-        
         return redirect("%s?rk_id=%s" % (reverse('renkan_edit'), rk_id))
 
 
@@ -474,6 +473,26 @@
 
 
 
+class HdalabRenkanModerate(View):
+    
+    def get(self, request, rk_id, state):
+        if rk_id!="":
+            try:
+                hr = HdalabRenkan.objects.select_related("renkan", "renkan__owner").get(renkan__rk_id=rk_id)
+            except:
+                raise Http404('Renkan not found')
+            if hr.renkan.owner!=request.user and not request.user.is_staff:
+                return HttpResponseBadRequest("You are not allowed to modify the state this renkan.")
+            hr.state = state
+            hr.save()
+        
+        if "next" in request.GET:
+            return redirect(request.GET["next"])
+            
+        return redirect(reverse('profile_home'))
+
+
+
 # Function copied from django.contrib.auth.views to simplify ajax login
 @sensitive_post_parameters()
 @csrf_protect