[api] fix re-open of makeoriginolder requests

openSUSE · Jan 15, 2015 · 2db400a · 2db400a
1 parent 73deb45
commit 2db400a
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/src/api/app/models/bs_request_permission_check.rb b/src/api/app/models/bs_request_permission_check.rb
@@ -76,6 +76,14 @@ def check_accepted_action(action)
     if action.action_type == :delete
       check_delete_accept(action)
     end
+
+    if action.makeoriginolder and Package.exists_by_project_and_name(action.target_project, action.target_package)
+      # the target project may link to another project where we need to check modification permissions
+      originpkg = Package.get_by_project_and_name action.target_project, action.target_package
+      unless User.current.can_modify_package? originpkg
+        raise PostRequestNoPermission.new "Package target can not get initialized using makeoriginolder. No permission in project #{originpkg.project.name}"
+      end
+    end
   end
 
   def check_delete_accept(action)
@@ -163,14 +171,6 @@ def check_action_target(action)
         raise TargetNotMaintenance.new "The target project is not of type maintenance or incident but #{@target_project.project_type}"
       end
     end
-
-    if action.makeoriginolder and Package.exists_by_project_and_name(action.target_project, action.target_package)
-      # the target project may link to another project where we need to check modification permissions
-      originpkg = Package.get_by_project_and_name action.target_project, action.target_package
-      unless User.current.can_modify_package? originpkg
-        raise PostRequestNoPermission.new "Package target can not get initialized using makeoriginolder. No permission in project #{originpkg.project.name}"
-      end
-    end
   end
 
   def set_permissions_for_action(action)

diff --git a/src/api/test/functional/request_controller_test.rb b/src/api/test/functional/request_controller_test.rb
@@ -1624,6 +1624,13 @@ def test_makeoriginolder_request
     node = Xmlhash.parse(@response.body)
     id = node['id']
     assert !id.blank?
+    # no write permission
+    post "/request/#{id}?cmd=changestate&newstate=accepted&comment=But+I+want+it"
+    assert_response 403
+    post "/request/#{id}?cmd=changestate&newstate=revoked&comment=take+it+back"
+    assert_response :success
+    post "/request/#{id}?cmd=changestate&newstate=new&comment=try+again"
+    assert_response :success
 
     # approvereview
     login_fred