Show More
@@ -679,7 +679,8 b' class RepoPullRequestsView(RepoAppView, ' | |||||
679 | repo = Repository.get_by_repo_name(target_repo_name) |
|
679 | repo = Repository.get_by_repo_name(target_repo_name) | |
680 | if not repo: |
|
680 | if not repo: | |
681 | raise HTTPNotFound() |
|
681 | raise HTTPNotFound() | |
682 |
return PullRequestModel().generate_repo_data( |
|
682 | return PullRequestModel().generate_repo_data( | |
|
683 | repo, translator=self.request.translate) | |||
683 |
|
684 | |||
684 | @LoginRequired() |
|
685 | @LoginRequired() | |
685 | @NotAnonymous() |
|
686 | @NotAnonymous() | |
@@ -1081,6 +1082,13 b' class RepoPullRequestsView(RepoAppView, ' | |||||
1081 | log.debug('comment: forbidden because pull request is closed') |
|
1082 | log.debug('comment: forbidden because pull request is closed') | |
1082 | raise HTTPForbidden() |
|
1083 | raise HTTPForbidden() | |
1083 |
|
1084 | |||
|
1085 | allowed_to_comment = PullRequestModel().check_user_comment( | |||
|
1086 | pull_request, self._rhodecode_user) | |||
|
1087 | if not allowed_to_comment: | |||
|
1088 | log.debug( | |||
|
1089 | 'comment: forbidden because pull request is from forbidden repo') | |||
|
1090 | raise HTTPForbidden() | |||
|
1091 | ||||
1084 | c = self.load_default_context() |
|
1092 | c = self.load_default_context() | |
1085 |
|
1093 | |||
1086 | status = self.request.POST.get('changeset_status', None) |
|
1094 | status = self.request.POST.get('changeset_status', None) |
@@ -164,6 +164,10 b' class PullRequestModel(BaseModel):' | |||||
164 | pull_request.reviewers] |
|
164 | pull_request.reviewers] | |
165 | return self.check_user_update(pull_request, user, api) or reviewer |
|
165 | return self.check_user_update(pull_request, user, api) or reviewer | |
166 |
|
166 | |||
|
167 | def check_user_comment(self, pull_request, user): | |||
|
168 | owner = user.user_id == pull_request.user_id | |||
|
169 | return self.check_user_read(pull_request, user) or owner | |||
|
170 | ||||
167 | def get(self, pull_request): |
|
171 | def get(self, pull_request): | |
168 | return self.__get_pull_request(pull_request) |
|
172 | return self.__get_pull_request(pull_request) | |
169 |
|
173 |
General Comments 0
You need to be logged in to leave comments.
Login now