kallithea Changeset - 6bd62617b99f

Changeset - 6bd62617b99f

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 13 years ago 2012-07-16 23:47:47
marcin@python-works.com

Opening pull request shouldn't be accessible by anonymous users

1 file changed with 3 insertions and 0 deletions:

rhodecode/controllers/pullrequests.py

0 comments (0 inline, 0 general)

rhodecode/controllers/pullrequests.py

➞

Show inline comments

@@ @@ -75,24 +75,25 @@ class PullrequestsController(BaseRepoCon @@
         hist_l.append(bookmarks_group)
         hist_l.append(branches_group)
         hist_l.append(tags_group)
         return hist_l
     def show_all(self, repo_name):
         c.pull_requests = PullRequestModel().get_all(repo_name)
         c.repo_name = repo_name
         return render('/pullrequests/pullrequest_show_all.html')
     @NotAnonymous()
     def index(self):
         org_repo = c.rhodecode_db_repo
         if org_repo.scm_instance.alias != 'hg':
             log.error('Review not available for GIT REPOS')
             raise HTTPNotFound
         other_repos_info = {}
         c.org_refs = self._get_repo_refs(c.rhodecode_repo)
         c.org_repos = []
         c.other_repos = []
@@ @@ -272,24 +273,25 @@ class PullrequestsController(BaseRepoCon @@
         # comments
         c.comments = cc_model.get_comments(c.rhodecode_db_repo.repo_id,
                                            pull_request=pull_request_id)
         # changeset(pull-request) status
         c.current_changeset_status = cs_model.calculate_status(
                                         c.pull_request_reviewers
+                                     )
         c.changeset_statuses = ChangesetStatus.STATUSES
         c.target_repo = c.pull_request.org_repo.repo_name
         return render('/pullrequests/pullrequest_show.html')
     @NotAnonymous()
     @jsonify
     def comment(self, repo_name, pull_request_id):
         pull_request = PullRequest.get_or_404(pull_request_id)
         if pull_request.is_closed():
             raise HTTPForbidden()
         status = request.POST.get('changeset_status')
         change_status = request.POST.get('change_changeset_status')
         comm = ChangesetCommentsModel().create(
             text=request.POST.get('text'),
             repo=c.rhodecode_db_repo.repo_id,
@@ @@ -328,24 +330,25 @@ class PullrequestsController(BaseRepoCon @@
         data = {
            'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),
+        }
         if comm:
             c.co = comm
             data.update(comm.get_dict())
             data.update({'rendered_text':
                          render('changeset/changeset_comment_block.html')})
         return data
     @NotAnonymous()
     @jsonify
     def delete_comment(self, repo_name, comment_id):
         co = ChangesetComment.get(comment_id)
         if co.pull_request.is_closed():
             #don't allow deleting comments on closed pull request
             raise HTTPForbidden()
         owner = lambda: co.author.user_id == c.rhodecode_user.user_id
         if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner:
             ChangesetCommentsModel().delete(comment=co)
             Session().commit()
             return True

0 comments (0 inline, 0 general)