Show More
@@ -435,10 +435,13 b' class RepoCommitsView(RepoAppView):' | |||||
435 | route_name='repo_commit_comment_history_view', request_method='POST', |
|
435 | route_name='repo_commit_comment_history_view', request_method='POST', | |
436 | renderer='string', xhr=True) |
|
436 | renderer='string', xhr=True) | |
437 | def repo_commit_comment_history_view(self): |
|
437 | def repo_commit_comment_history_view(self): | |
438 | commit_id = self.request.matchdict['commit_id'] |
|
438 | c = self.load_default_context() | |
|
439 | ||||
439 | comment_history_id = self.request.matchdict['comment_history_id'] |
|
440 | comment_history_id = self.request.matchdict['comment_history_id'] | |
440 | comment_history = ChangesetCommentHistory.get_or_404(comment_history_id) |
|
441 | comment_history = ChangesetCommentHistory.get_or_404(comment_history_id) | |
441 | c = self.load_default_context() |
|
442 | is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id | |
|
443 | ||||
|
444 | if is_repo_comment: | |||
442 | c.comment_history = comment_history |
|
445 | c.comment_history = comment_history | |
443 |
|
446 | |||
444 | rendered_comment = render( |
|
447 | rendered_comment = render( | |
@@ -446,6 +449,10 b' class RepoCommitsView(RepoAppView):' | |||||
446 | self._get_template_context(c) |
|
449 | self._get_template_context(c) | |
447 | , self.request) |
|
450 | , self.request) | |
448 | return rendered_comment |
|
451 | return rendered_comment | |
|
452 | else: | |||
|
453 | log.warning('No permissions for user %s to show comment_history_id: %s', | |||
|
454 | self._rhodecode_db_user, comment_history_id) | |||
|
455 | raise HTTPNotFound() | |||
449 |
|
456 | |||
450 | @LoginRequired() |
|
457 | @LoginRequired() | |
451 | @NotAnonymous() |
|
458 | @NotAnonymous() | |
@@ -567,7 +574,7 b' class RepoCommitsView(RepoAppView):' | |||||
567 | is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name) |
|
574 | is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name) | |
568 | super_admin = h.HasPermissionAny('hg.admin')() |
|
575 | super_admin = h.HasPermissionAny('hg.admin')() | |
569 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) |
|
576 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) | |
570 |
is_repo_comment = comment.repo.repo_ |
|
577 | is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id | |
571 | comment_repo_admin = is_repo_admin and is_repo_comment |
|
578 | comment_repo_admin = is_repo_admin and is_repo_comment | |
572 |
|
579 | |||
573 | if super_admin or comment_owner or comment_repo_admin: |
|
580 | if super_admin or comment_owner or comment_repo_admin: | |
@@ -588,9 +595,7 b' class RepoCommitsView(RepoAppView):' | |||||
588 | route_name='repo_commit_comment_edit', request_method='POST', |
|
595 | route_name='repo_commit_comment_edit', request_method='POST', | |
589 | renderer='json_ext') |
|
596 | renderer='json_ext') | |
590 | def repo_commit_comment_edit(self): |
|
597 | def repo_commit_comment_edit(self): | |
591 | commit_id = self.request.matchdict['commit_id'] |
|
|||
592 | comment_id = self.request.matchdict['comment_id'] |
|
598 | comment_id = self.request.matchdict['comment_id'] | |
593 |
|
||||
594 | comment = ChangesetComment.get_or_404(comment_id) |
|
599 | comment = ChangesetComment.get_or_404(comment_id) | |
595 |
|
600 | |||
596 | if comment.immutable: |
|
601 | if comment.immutable: | |
@@ -600,7 +605,7 b' class RepoCommitsView(RepoAppView):' | |||||
600 | is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name) |
|
605 | is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name) | |
601 | super_admin = h.HasPermissionAny('hg.admin')() |
|
606 | super_admin = h.HasPermissionAny('hg.admin')() | |
602 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) |
|
607 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) | |
603 |
is_repo_comment = comment.repo.repo_ |
|
608 | is_repo_comment = comment.repo.repo_id == self.db_repo.repo_id | |
604 | comment_repo_admin = is_repo_admin and is_repo_comment |
|
609 | comment_repo_admin = is_repo_admin and is_repo_comment | |
605 |
|
610 | |||
606 | if super_admin or comment_owner or comment_repo_admin: |
|
611 | if super_admin or comment_owner or comment_repo_admin: |
General Comments 0
You need to be logged in to leave comments.
Login now