[api] validate tracker specified in _patchinfo files

openSUSE · Sep 23, 2013 · 8429141 · 8429141
1 parent 4fe9178
commit 8429141
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/src/api/app/models/patchinfo.rb b/src/api/app/models/patchinfo.rb
@@ -12,6 +12,10 @@ class ReleasetargetNotFound < APIException
     setup 404
   end
 
+  class TrackerNotFound < APIException
+    setup 404
+  end
+
   def is_repository_matching?(repo, rt)
     return false if repo.project.name != rt['project']
     if rt['repository']
@@ -27,14 +31,19 @@ def check_releasetarget!(rt)
         return if is_repository_matching?(prt.target_repository, rt)
       end
     end
-    raise ReleasetargetNotFound.new "Release target '#{rt['project']}/#{rt['repository']}' is not defined in this project '#{@project.name}'"
+    raise ReleasetargetNotFound.new "Release target '#{rt['project']}/#{rt['repository']}' is not defined in this project '#{@project.name}'. Please ask your OBS administrator to add it."
   end
 
   def verify_data(project, raw_post)
     @project = project
     data = Xmlhash.parse(raw_post)
     # check the packager field
     User.get_by_login data["packager"] if data["packager"]
+    # valid tracker?
+    data.elements("issue").each do |i|
+      tracker = IssueTracker.find_by_name(i['tracker']) 
+      raise TrackerNotFound.new "Tracker #{i['tracker']} is not registered in this OBS instance" unless tracker
+    end
     # are releasetargets specified ? validate that this project is actually defining them.
     data.elements("releasetarget") { |r| check_releasetarget!(r) }
   end

diff --git a/src/api/test/functional/maintenance_test.rb b/src/api/test/functional/maintenance_test.rb
@@ -979,11 +979,18 @@ def test_create_maintenance_project_and_release_packages
     Timecop.freeze(1)
     raw_put "/source/#{incidentProject}/patchinfo/_patchinfo", pi.dump_xml
     assert_response :success
+    # add broken releasetarget
     pi.add_element "releasetarget", { :project => "home:tom" } # invalid target
     Timecop.freeze(1)
     raw_put "/source/#{incidentProject}/patchinfo/_patchinfo", pi.dump_xml
     assert_response 404
     assert_xml_tag :tag => "status", :attributes => { :code => "releasetarget_not_found" }
+    # add broken tracker
+    pi.add_element "issue", { "id" => "0815", "tracker" => "INVALID" } # invalid tracker
+    raw_put "/source/#{incidentProject}/patchinfo/_patchinfo", pi.dump_xml
+    assert_response 404
+    assert_xml_tag :tag => "status", :attributes => { :code => "tracker_not_found" }
+    # continue
     get "/source/#{incidentProject}/patchinfo/_meta"
     assert_xml_tag( :parent => {:tag => "build"}, :tag => "enable", :attributes => { :repository => nil, :arch => nil} )
     assert_no_xml_tag( :parent => { :tag => "publish" }, :tag => "enable", :attributes => { :repository => nil, :arch => nil} ) # not published due to access disable