Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[api] handle options on submit request creation correctly

Conflicts:
	src/api/app/controllers/request_controller.rb
	src/api/test/functional/request_controller_test.rb
  • Loading branch information...
commit 18ef6cebb1c63a7fc7baf4fadb827a96c9c842a9 1 parent 9c3865c
@adrianschroeter adrianschroeter authored
View
23 src/api/app/controllers/request_controller.rb
@@ -833,13 +833,32 @@ def create_create
# projects may skip this by setting OBS:ApprovedRequestSource attributes
if action.source.has_attribute? 'package'
spkg = DbPackage.find_by_project_and_name action.source.project, action.source.package
- if spkg and not @http_user.can_modify_package? spkg and not spkg.db_project.find_attribute("OBS", "ApprovedRequestSource") and not spkg.find_attribute("OBS", "ApprovedRequestSource")
+ if spkg and not @http_user.can_modify_package? spkg
review_packages.push({ :by_project => action.source.project, :by_package => action.source.package })
+ if action.value('type') == 'submit'
+ if action.has_element? :options
+ render_error :status => 403, :errorcode => "lacking_maintainership",
+ :message => "Creating a submit request action with options requires maintainership in source package"
+ return
+ end
+ end
+ if not spkg.db_project.find_attribute("OBS", "ApprovedRequestSource") and not spkg.find_attribute("OBS", "ApprovedRequestSource")
+ review_packages.push({ :by_project => action.source.project, :by_package => action.source.package })
+ end
end
else
sprj = DbProject.find_by_name action.source.project
if sprj and not @http_user.can_modify_project? sprj and not sprj.find_attribute("OBS", "ApprovedRequestSource")
- review_packages.push({ :by_project => action.source.project })
+ if action.value('type') == 'submit'
+ if action.has_element? :options
+ render_error :status => 403, :errorcode => "lacking_maintainership",
+ :message => "Creating a submit request action with options requires maintainership in source package"
+ return
+ end
+ end
+ if not sprj.find_attribute("OBS", "ApprovedRequestSource")
+ review_packages.push({ :by_project => action.source.project })
+ end
end
end
end
View
3  src/api/test/fixtures/backend/request/to_hidden_from_open_valid
@@ -2,9 +2,6 @@
<action type='submit'>
<source project='home:Iggy' package='TestPack' rev='1' />
<target project='HiddenProject' package='pack' />
- <options>
- <sourceupdate>cleanup</sourceupdate>
- </options>
</action>
<description/>
<state who="adrian" name="new"/>
View
41 src/api/test/functional/request_controller_test.rb
@@ -840,7 +840,13 @@ def test_revoke_and_decline_when_projects_are_not_existing_anymore
def test_create_and_revoke_submit_request_permissions
ActionController::IntegrationTest::reset_auth
- req = load_backend_file('request/works')
+ req = "<request>
+ <action type='submit'>
+ <source project='home:Iggy' package='TestPack' rev='1' />
+ <target project='kde4' package='mypackage' />
+ </action>
+ <description/>
+ </request>"
post "/request?cmd=create", req
assert_response 401
@@ -967,6 +973,39 @@ def test_create_and_revoke_submit_request_permissions
assert_xml_tag( :tag => "state", :attributes => { :name => "review" } )
end
+ def test_submit_cleanup_in_not_writable_source
+ prepare_request_with_user "Iggy", "asdfasdf"
+ [ 'cleanup', 'update' ].each do |modify|
+ req = "<request>
+ <action type='submit'>
+ <source project='Apache' package='apache2' rev='1' />
+ <target project='home:Iggy' package='apache2' />
+ <options>
+ <sourceupdate>#{modify}</sourceupdate>
+ </options>
+ </action>
+ <description/>
+ </request>"
+ post "/request?cmd=create", req
+ assert_response 403
+ assert_xml_tag( :tag => "status", :attributes => { :code => 'lacking_maintainership' } )
+ end
+
+ req = "<request>
+ <action type='submit'>
+ <source project='Apache' package='apache2' rev='1' />
+ <target project='home:Iggy' package='apache2' />
+ <options>
+ <updatelink>true</updatelink>
+ </options>
+ </action>
+ <description/>
+ </request>"
+ post "/request?cmd=create", req
+ assert_response 403
+ assert_xml_tag( :tag => "status", :attributes => { :code => 'lacking_maintainership' } )
+ end
+
def test_reopen_a_review_declined_request
[ 'new', 'review' ].each do |newstate|
prepare_request_with_user "Iggy", "asdfasdf"
Please sign in to comment.
Something went wrong with that request. Please try again.