# HG changeset patch # User Marcin Kuzminski # Date 2017-11-20 16:02:12 # Node ID 6726b7736aa33ca6cf2cbdaf3eadd107f6150fed # Parent e3aee064c11ba9708ded1f9b9074547ac12b043f pull-requests: forbid doing any changes on closed pull-requests. - this is forbidden in the UI however we also need to prevent backend calls diff --git a/rhodecode/apps/repository/tests/test_repo_pullrequests.py b/rhodecode/apps/repository/tests/test_repo_pullrequests.py --- a/rhodecode/apps/repository/tests/test_repo_pullrequests.py +++ b/rhodecode/apps/repository/tests/test_repo_pullrequests.py @@ -199,18 +199,17 @@ class TestPullrequestsView(object): def test_edit_title_description_closed(self, pr_util, csrf_token): pull_request = pr_util.create_pull_request() pull_request_id = pull_request.pull_request_id + repo_name = pull_request.target_repo.repo_name pr_util.close() response = self.app.post( route_path('pullrequest_update', - repo_name=pull_request.target_repo.repo_name, - pull_request_id=pull_request_id), + repo_name=repo_name, pull_request_id=pull_request_id), params={ 'edit_pull_request': 'true', 'title': 'New title', 'description': 'New description', - 'csrf_token': csrf_token}) - + 'csrf_token': csrf_token}, status=200) assert_session_flash( response, u'Cannot update closed pull requests.', category='error') diff --git a/rhodecode/apps/repository/views/repo_pull_requests.py b/rhodecode/apps/repository/views/repo_pull_requests.py --- a/rhodecode/apps/repository/views/repo_pull_requests.py +++ b/rhodecode/apps/repository/views/repo_pull_requests.py 
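Review bot: test_edit_title_description_closed in test_repo_pullrequests.py asserts only the 200 status and the flash message, so it would still pass if the view modified the closed pull request and flashed the error afterwards. After the POST, re-read the pull request from the database and assert that the stored values were not replaced, for example `assert pull_request.title != 'New title'` and `assert pull_request.description != 'New description'`. Nothing in this changeset tests the new `ValueError` guard in `PullRequestModel.update_reviewers`. The test body may continue past the end of the hunk.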
@@ -887,8 +887,16 @@ class RepoPullRequestsView(RepoAppView, def pull_request_update(self): pull_request = PullRequest.get_or_404( self.request.matchdict['pull_request_id']) + _ = self.request.translate self.load_default_context() + + if pull_request.is_closed(): + log.debug('update: forbidden because pull request is closed') + msg = _(u'Cannot update closed pull requests.') + h.flash(msg, category='error') + return True + # only owner or admin can update it allowed_to_update = PullRequestModel().check_user_update( pull_request, self._rhodecode_user) diff --git a/rhodecode/model/pull_request.py b/rhodecode/model/pull_request.py --- a/rhodecode/model/pull_request.py +++ b/rhodecode/model/pull_request.py @@ -941,6 +941,9 @@ class PullRequestModel(BaseModel): :param reviewer_data: list of tuples [(user, ['reason1', 'reason2'], mandatory_flag)] """ + pull_request = self.__get_pull_request(pull_request) + if pull_request.is_closed(): + raise ValueError('This pull request is closed') reviewers = {} for user_id, reasons, mandatory in reviewer_data: @@ -950,7 +953,6 @@ class PullRequestModel(BaseModel): 'reasons': reasons, 'mandatory': mandatory} reviewers_ids = set(reviewers.keys()) - pull_request = self.__get_pull_request(pull_request) current_reviewers = PullRequestReviewers.query()\ .filter(PullRequestReviewers.pull_request == pull_request).all()
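Review bot: In pull_request_update the new closed-pull-request branch logs at debug level and does not record which pull request or which user was rejected. The commit message says the UI already blocks this action, so a request reaching this branch is a direct backend call, which is the case worth being able to find in the logs; something like `log.warning('update: pull request %s is closed, rejecting update by %s', pull_request.pull_request_id, self._rhodecode_user)` would record it. The branch also answers with `return True` and HTTP 200, so a scripted client can only detect the rejection through the session flash; if the success path returns the same value (it lies outside this hunk), consider a distinct payload or status. The function body continues beyond the hunk.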
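Review bot: The guard added at the top of update_reviewers in rhodecode/model/pull_request.py raises a bare `ValueError`, which callers cannot tell apart from any other ValueError raised while processing `reviewer_data`. The callers are not visible in this diff; any of them that does not check `is_closed()` first would presumably surface this as an unhandled error rather than a clean rejection, so a dedicated exception class, or at least a `:raises ValueError: if the pull request is closed` line in the docstring, would make the contract explicit. Only update_reviewers gets a model-level check in this changeset; if the intent is to block every backend write to a closed pull request, the other mutating methods of PullRequestModel would need the same guard. The method's docstring and body start and end outside the hunk.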