Show More
| @@ -539,8 +539,14 b' class RepoCommitsView(RepoAppView):' | |||
|
|
539 | 539 | @CSRFRequired() |
|
|
540 | 540 | def repo_commit_comment_history_view(self): |
|
|
541 | 541 | c = self.load_default_context() |
|
|
542 | comment_history_id = self.request.matchdict['comment_history_id'] | |
|
|
542 | 543 | |
|
|
543 | comment_history_id = self.request.matchdict['comment_history_id'] | |
|
|
544 | comment = ChangesetComment.get_or_404(comment_history_id) | |
|
|
545 | comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id) | |
|
|
546 | if comment.draft and not comment_owner: | |
|
|
547 | # if we see draft comments history, we only allow this for owner | |
|
|
548 | raise HTTPNotFound() | |
|
|
549 | ||
|
|
544 | 550 | comment_history = ChangesetCommentHistory.get_or_404(comment_history_id) |
|
|
545 | 551 | is_repo_comment = comment_history.comment.repo.repo_id == self.db_repo.repo_id |
|
|
546 | 552 | |
| @@ -549,8 +555,7 b' class RepoCommitsView(RepoAppView):' | |||
|
|
549 | 555 | |
|
|
550 | 556 | rendered_comment = render( |
|
|
551 | 557 | 'rhodecode:templates/changeset/comment_history.mako', |
|
|
552 | self._get_template_context(c) | |
|
|
553 | , self.request) | |
|
|
558 | self._get_template_context(c), self.request) | |
|
|
554 | 559 | return rendered_comment |
|
|
555 | 560 | else: |
|
|
556 | 561 | log.warning('No permissions for user %s to show comment_history_id: %s', |
General Comments 0
You need to be logged in to leave comments.
Login now