rhodecode-enterprise-ce Commit - r4406:11f8a530

435

route_name='repo_commit_comment_history_view', request_method='POST',

435

route_name='repo_commit_comment_history_view', request_method='POST',

436

renderer='string', xhr=True)

436

renderer='string', xhr=True)

437

def repo_commit_comment_history_view(self):

437

def repo_commit_comment_history_view(self):

438

commit_id = self.request.matchdict['commit_id']

438

c = self.load_default_context()

439

comment_history_id = self.request.matchdict['comment_history_id']

440

comment_history_id = self.request.matchdict['comment_history_id']

440

comment_history = ChangesetCommentHistory.get_or_404(comment_history_id)

441

comment_history = ChangesetCommentHistory.get_or_404(comment_history_id)

441

c = self.load_default_context()

442

is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id

442

c.comment_history = comment_history

443

444

if is_repo_comment:

445

c.comment_history = comment_history

443

446

444

rendered_comment = render(

447

rendered_comment = render(

445

'rhodecode:templates/changeset/comment_history.mako',

448

'rhodecode:templates/changeset/comment_history.mako',

446

self._get_template_context(c)

449

self._get_template_context(c)

447

, self.request)

450

, self.request)

448

return rendered_comment

451

return rendered_comment

452

else:

453

log.warning('No permissions for user %s to show comment_history_id: %s',

454

self._rhodecode_db_user, comment_history_id)

455

raise HTTPNotFound()

449

456

450

@LoginRequired()

457

@LoginRequired()

451

@NotAnonymous()

458

@NotAnonymous()

567

is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)

574

is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)

568

super_admin = h.HasPermissionAny('hg.admin')()

575

super_admin = h.HasPermissionAny('hg.admin')()

569

comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)

576

comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)

570

is_repo_comment = comment.repo.repo_~~name~~ == self.db_repo~~_name~~

577

is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id

571

comment_repo_admin = is_repo_admin and is_repo_comment

578

comment_repo_admin = is_repo_admin and is_repo_comment

572

579

573

if super_admin or comment_owner or comment_repo_admin:

580

if super_admin or comment_owner or comment_repo_admin:

588

route_name='repo_commit_comment_edit', request_method='POST',

595

route_name='repo_commit_comment_edit', request_method='POST',

589

renderer='json_ext')

596

renderer='json_ext')

590

def repo_commit_comment_edit(self):

597

def repo_commit_comment_edit(self):

591

commit_id = self.request.matchdict['commit_id']

592

comment_id = self.request.matchdict['comment_id']

598

comment_id = self.request.matchdict['comment_id']

593

594

comment = ChangesetComment.get_or_404(comment_id)

599

comment = ChangesetComment.get_or_404(comment_id)

595

600

596

if comment.immutable:

601

if comment.immutable:

600

is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)

605

is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)

601

super_admin = h.HasPermissionAny('hg.admin')()

606

super_admin = h.HasPermissionAny('hg.admin')()

602

comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)

607

comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)

603

is_repo_comment = comment.repo.repo_~~name~~ == self.db_repo~~_name~~

608

is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id

604

comment_repo_admin = is_repo_admin and is_repo_comment

609

comment_repo_admin = is_repo_admin and is_repo_comment

605

610

606

if super_admin or comment_owner or comment_repo_admin:

611

if super_admin or comment_owner or comment_repo_admin:

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

                     route_name='repo_commit_comment_history_view', request_method='POST',
                     renderer='string', xhr=True)
                 def repo_commit_comment_history_view(self):
-                    commit_id = self.request.matchdict['commit_id']
+                    c = self.load_default_context()
                     comment_history_id = self.request.matchdict['comment_history_id']
                     comment_history = ChangesetCommentHistory.get_or_404(comment_history_id)
-                    c = self.load_default_context()
+                    is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id
-                    c.comment_history = comment_history
+                    if is_repo_comment:
+                        c.comment_history = comment_history
-                    rendered_comment = render(
+                        rendered_comment = render(
-                        'rhodecode:templates/changeset/comment_history.mako',
+                            'rhodecode:templates/changeset/comment_history.mako',
-                        self._get_template_context(c)
+                            self._get_template_context(c)
-                        , self.request)
+                            , self.request)
-                    return rendered_comment
+                        return rendered_comment
+                    else:
+                        log.warning('No permissions for user %s to show comment_history_id: %s',
+                                    self._rhodecode_db_user, comment_history_id)
+                        raise HTTPNotFound()
                 @LoginRequired()
                 @NotAnonymous()
                     is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)
                     super_admin = h.HasPermissionAny('hg.admin')()
                     comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)
-                    is_repo_comment = comment.repo.repo_name == self.db_repo_name
+                    is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id
                     comment_repo_admin = is_repo_admin and is_repo_comment
                     if super_admin or comment_owner or comment_repo_admin:
                     route_name='repo_commit_comment_edit', request_method='POST',
                     renderer='json_ext')
                 def repo_commit_comment_edit(self):
-                    commit_id = self.request.matchdict['commit_id']
                     comment_id = self.request.matchdict['comment_id']
                     comment = ChangesetComment.get_or_404(comment_id)
                     if comment.immutable:
                     is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)
                     super_admin = h.HasPermissionAny('hg.admin')()
                     comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)
-                    is_repo_comment = comment.repo.repo_name == self.db_repo_name
+                    is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id
                     comment_repo_admin = is_repo_admin and is_repo_comment
                     if super_admin or comment_owner or comment_repo_admin: