@@ -539,8 +539,14 b' class RepoCommitsView(RepoAppView):' | |||||
539 | @CSRFRequired() |
|
539 | @CSRFRequired() | |
540 | def repo_commit_comment_history_view(self): |
|
540 | def repo_commit_comment_history_view(self): | |
541 | c = self.load_default_context() |
|
541 | c = self.load_default_context() | |
|
542 | comment_history_id = self.request.matchdict['comment_history_id'] | |||
542 |
|
543 | |||
543 | comment_history_id = self.request.matchdict['comment_history_id'] |
|
544 | comment = ChangesetComment.get_or_404(comment_history_id) | |
|
545 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) | |||
|
546 | if comment.draft and not comment_owner: | |||
|
547 | # if we see draft comments history, we only allow this for owner | |||
|
548 | raise HTTPNotFound() | |||
|
549 | ||||
544 | comment_history = ChangesetCommentHistory.get_or_404(comment_history_id) |
|
550 | comment_history = ChangesetCommentHistory.get_or_404(comment_history_id) | |
545 | is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id |
|
551 | is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id | |
546 |
|
552 | |||
@@ -549,8 +555,7 b' class RepoCommitsView(RepoAppView):' | |||||
549 |
|
555 | |||
550 | rendered_comment = render( |
|
556 | rendered_comment = render( | |
551 | 'rhodecode:templates/changeset/comment_history.mako', |
|
557 | 'rhodecode:templates/changeset/comment_history.mako', | |
552 | self._get_template_context(c) |
|
558 | self._get_template_context(c), self.request) | |
553 | , self.request) |
|
|||
554 | return rendered_comment |
|
559 | return rendered_comment | |
555 | else: |
|
560 | else: | |
556 | log.warning('No permissions for user %s to show comment_history_id: %s', |
|
561 | log.warning('No permissions for user %s to show comment_history_id: %s', |
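Review bot: The draft-owner check added at new lines 544-548 calls `ChangesetComment.get_or_404(comment_history_id)`, so it looks up a comment using the id of a history row, while the lines after it treat the same value as a `ChangesetCommentHistory` id and reach the comment through `comment_history.comment`. Unless the two tables are guaranteed to share ids, the draft/owner test runs against an unrelated comment: the history of another user's draft can pass the check, and a valid history id can return 404 when no comment happens to have that number. Loading the history row first and deriving the comment from it keeps the check on the object actually being rendered: `comment_history = ChangesetCommentHistory.get_or_404(comment_history_id)` followed by `comment = comment_history.comment`, with the existing `if comment.draft and not comment_owner:` guard left as is. The body of `repo_commit_comment_history_view` continues outside the shown hunks, so the permission branch between them could not be checked.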