##// END OF EJS Templates
u » pc » rhodecode-enterprise-ce-fork-pc
RSS

Fork of rhodecode-enterprise-ce

pull-requests: use consistent check who is allowed to delete a pull request.
marcink -
r1607:5a387f60 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -576,13 +576,21 b' class PullrequestsController(BaseRepoCon'
576 def delete(self, repo_name, pull_request_id):
576 def delete(self, repo_name, pull_request_id):
577 pull_request_id = safe_int(pull_request_id)
577 pull_request_id = safe_int(pull_request_id)
578 pull_request = PullRequest.get_or_404(pull_request_id)
578 pull_request = PullRequest.get_or_404(pull_request_id)
579
580 pr_closed = pull_request.is_closed()
581 allowed_to_delete = PullRequestModel().check_user_delete(
582 pull_request, c.rhodecode_user) and not pr_closed
583
579 # only owner can delete it !
584 # only owner can delete it !
580 if pull_request.author.user_id == c.rhodecode_user.user_id:
585 if allowed_to_delete:
581 PullRequestModel().delete(pull_request)
586 PullRequestModel().delete(pull_request)
582 Session().commit()
587 Session().commit()
583 h.flash(_('Successfully deleted pull request'),
588 h.flash(_('Successfully deleted pull request'),
584 category='success')
589 category='success')
585 return redirect(url('my_account_pullrequests'))
590 return redirect(url('my_account_pullrequests'))
591
592 h.flash(_('Your are not allowed to delete this pull request'),
593 category='error')
586 raise HTTPForbidden()
594 raise HTTPForbidden()
587
595
588 def _get_pr_version(self, pull_request_id, version=None):
596 def _get_pr_version(self, pull_request_id, version=None):
General Comments 0
You need to be logged in to leave comments. Login now