##// END OF EJS Templates
security: use 404 instead of 403 in case missing permissions for comment deletion....
ergo -
r1826:76aa3640 default
parent child Browse files
Show More
@@ -448,7 +448,9 b' class ChangesetController(BaseRepoContro'
448 Session().commit()
448 Session().commit()
449 return True
449 return True
450 else:
450 else:
451 raise HTTPForbidden()
451 log.warning('No permissions for user %s to delete comment_id: %s',
452 c.rhodecode_user, comment_id)
453 raise HTTPNotFound()
452
454
453 @LoginRequired()
455 @LoginRequired()
454 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
456 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
@@ -1013,4 +1013,6 b' class PullrequestsController(BaseRepoCon'
1013 comment.pull_request, c.rhodecode_user, 'review_status_change')
1013 comment.pull_request, c.rhodecode_user, 'review_status_change')
1014 return True
1014 return True
1015 else:
1015 else:
1016 raise HTTPForbidden()
1016 log.warning('No permissions for user %s to delete comment_id: %s',
1017 c.rhodecode_user, comment_id)
1018 raise HTTPNotFound()
General Comments 0
You need to be logged in to leave comments. Login now