##// END OF EJS Templates
pull-requests: only allow actual reviewers to leave status/votes....
marcink -
r4513:8c4f7e94 stable
parent child Browse files
Show More
@@ -170,7 +170,6 b' class RepoCommitsView(RepoAppView):'
170 )
170 )
171 reviewers_duplicates.add(_user_id)
171 reviewers_duplicates.add(_user_id)
172
172
173 c.allowed_reviewers = reviewers
174 c.reviewers_count = len(reviewers)
173 c.reviewers_count = len(reviewers)
175 c.observers_count = 0
174 c.observers_count = 0
176
175
@@ -455,7 +455,6 b' class RepoPullRequestsView(RepoAppView, '
455 'rhodecode:templates/pullrequests/pullrequest_merge_checks.mako'
455 'rhodecode:templates/pullrequests/pullrequest_merge_checks.mako'
456 return self._get_template_context(c)
456 return self._get_template_context(c)
457
457
458 c.allowed_reviewers = [obj.user_id for obj in pull_request.reviewers if obj.user]
459 c.reviewers_count = pull_request.reviewers_count
458 c.reviewers_count = pull_request.reviewers_count
460 c.observers_count = pull_request.observers_count
459 c.observers_count = pull_request.observers_count
461
460
@@ -761,7 +760,9 b' class RepoPullRequestsView(RepoAppView, '
761
760
762 # current user review statuses for each version
761 # current user review statuses for each version
763 c.review_versions = {}
762 c.review_versions = {}
764 if self._rhodecode_user.user_id in c.allowed_reviewers:
763 is_reviewer = PullRequestModel().is_user_reviewer(
764 pull_request, self._rhodecode_user)
765 if is_reviewer:
765 for co in general_comments:
766 for co in general_comments:
766 if co.author.user_id == self._rhodecode_user.user_id:
767 if co.author.user_id == self._rhodecode_user.user_id:
767 status = co.status_change
768 status = co.status_change
@@ -288,10 +288,16 b' class PullRequestModel(BaseModel):'
288 _perms = ('repository.admin',)
288 _perms = ('repository.admin',)
289 return self._check_perms(_perms, pull_request, user) or owner
289 return self._check_perms(_perms, pull_request, user) or owner
290
290
291 def is_user_reviewer(self, pull_request, user):
292 return user.user_id in [
293 x.user_id for x in
294 pull_request.get_pull_request_reviewers(PullRequestReviewers.ROLE_REVIEWER)
295 if x.user
296 ]
297
291 def check_user_change_status(self, pull_request, user, api=False):
298 def check_user_change_status(self, pull_request, user, api=False):
292 reviewer = user.user_id in [x.user_id for x in
299 return self.check_user_update(pull_request, user, api) \
293 pull_request.reviewers]
300 or self.is_user_reviewer(pull_request, user)
294 return self.check_user_update(pull_request, user, api) or reviewer
295
301
296 def check_user_comment(self, pull_request, user):
302 def check_user_comment(self, pull_request, user):
297 owner = user.user_id == pull_request.user_id
303 owner = user.user_id == pull_request.user_id
General Comments 0
You need to be logged in to leave comments. Login now