From da810d64adc4e4bb56812c7b798c446d804ec6df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Tue, 27 Mar 2012 15:51:28 +0200 Subject: [PATCH] [api] allow revoke of requests when source project got locked, cleanup double code --- src/api/app/controllers/request_controller.rb | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/api/app/controllers/request_controller.rb b/src/api/app/controllers/request_controller.rb index 93f41efc9b6..b420f66ac0d 100644 --- a/src/api/app/controllers/request_controller.rb +++ b/src/api/app/controllers/request_controller.rb @@ -1268,16 +1268,6 @@ def command_changestate target_package = target_project.db_packages.find_by_name(action.source.package) end end - if source_project and req.state.name == "new" and params[:newstate] == "revoked" and not permission_granted - # source project owners should be able to revoke submit requests as well - source_package = source_project.db_packages.find_by_name(action.source.package) - if ( source_package and not @http_user.can_modify_package? source_package ) or - ( not source_package and not @http_user.can_modify_project? source_project ) - render_error :status => 403, :errorcode => "post_request_no_permission", - :message => "No permission to revoke request #{req.id} (type #{action.value('type')})" - return - end - end elsif [ "delete", "add_role", "set_bugowner" ].include? action.value("type") # target must exist @@ -1305,8 +1295,8 @@ def command_changestate end # general source write permission check (for revoke) - if ( source_package and @http_user.can_modify_package? source_package ) or - ( not source_package and source_project and @http_user.can_modify_project? source_project ) + if ( source_package and @http_user.can_modify_package?(source_package,true) ) or + ( not source_package and source_project and @http_user.can_modify_project?(source_project,true) ) write_permission_in_some_source = true end