Skip to content

Commit

Permalink
Merge pull request #12350 from rubhanazeem/fix-12250
Browse files Browse the repository at this point in the history 
Revoke requests with the permissions of the sender
  • Loading branch information
@hennevogel
hennevogel committed Mar 25, 2022
2 parents 229514a + 5251711 commit be669bb
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions src/api/app/models/bs_request_permission_check.rb
View file
Expand Up @@ -109,6 +109,11 @@ def cmd_changestate_permissions(opts)
if opts[:newstate].in?(['new', 'review', 'revoked', 'superseded']) && req.creator == User.session!.login
# request creator can reopen, revoke or supersede a request which was declined
permission_granted = true
elsif opts[:newstate] == 'revoked' && req.creator == opts[:override_creator]
# NOTE: request should be revoked if project is removed.
# override_creator is needed if the logged in user is different than the creator of the request
# at the time of removing the project.
permission_granted = true
elsif req.state == :declined && opts[:newstate].in?(['new', 'review']) && (req.commenter == User.session!.login || user_is_staging_manager)
# people who declined a request shall also be able to reopen it

Expand Down
2 changes: 1 addition & 1 deletion src/api/app/models/project.rb
View file
Expand Up @@ -492,7 +492,7 @@ def revoke_requests
request.bs_request_actions.each do |action|
if action.source_project == name
begin
request.change_state(newstate: 'revoked', comment: "The source project '#{name}' has been removed")
request.change_state(newstate: 'revoked', comment: "The source project '#{name}' has been removed", override_creator: request.creator)
rescue PostRequestNoPermission
Airbrake.notify("#{User.session!.login} tried to revoke request #{request.number} but had no permissions")
end
Expand Down

0 comments on commit be669bb

Please sign in to comment.