Show More
| @@ -110,8 +110,8 b' class NotificationsController(BaseContro' | |||||
| 110 | # url('notification', notification_id=ID) |
|
110 | # url('notification', notification_id=ID) | |
| 111 | try: |
|
111 | try: | |
| 112 | no = Notification.get(notification_id) |
|
112 | no = Notification.get(notification_id) | |
| 113 | owner = lambda: (no.notifications_to_users.user.user_id |
|
113 | owner = all(un.user.user_id == c.rhodecode_user.user_id | |
| 114 |
|
|
114 | for un in no.notifications_to_users) | |
| 115 | if h.HasPermissionAny('hg.admin')() or owner: |
|
115 | if h.HasPermissionAny('hg.admin')() or owner: | |
| 116 | NotificationModel().mark_read(c.rhodecode_user.user_id, no) |
|
116 | NotificationModel().mark_read(c.rhodecode_user.user_id, no) | |
| 117 | Session().commit() |
|
117 | Session().commit() | |
| @@ -132,8 +132,8 b' class NotificationsController(BaseContro' | |||||
| 132 |
|
132 | |||
| 133 | try: |
|
133 | try: | |
| 134 | no = Notification.get(notification_id) |
|
134 | no = Notification.get(notification_id) | |
| 135 | owner = lambda: (no.notifications_to_users.user.user_id |
|
135 | owner = all(un.user.user_id == c.rhodecode_user.user_id | |
| 136 |
|
|
136 | for un in no.notifications_to_users) | |
| 137 | if h.HasPermissionAny('hg.admin')() or owner: |
|
137 | if h.HasPermissionAny('hg.admin')() or owner: | |
| 138 | NotificationModel().delete(c.rhodecode_user.user_id, no) |
|
138 | NotificationModel().delete(c.rhodecode_user.user_id, no) | |
| 139 | Session().commit() |
|
139 | Session().commit() | |
| @@ -149,8 +149,8 b' class NotificationsController(BaseContro' | |||||
| 149 | c.user = self.rhodecode_user |
|
149 | c.user = self.rhodecode_user | |
| 150 | no = Notification.get(notification_id) |
|
150 | no = Notification.get(notification_id) | |
| 151 |
|
151 | |||
| 152 | owner = lambda: (no.notifications_to_users.user.user_id |
|
152 | owner = all(un.user.user_id == c.rhodecode_user.user_id | |
| 153 |
|
|
153 | for un in no.notifications_to_users) | |
| 154 | if no and (h.HasPermissionAny('hg.admin', 'repository.admin')() or owner): |
|
154 | if no and (h.HasPermissionAny('hg.admin', 'repository.admin')() or owner): | |
| 155 | unotification = NotificationModel()\ |
|
155 | unotification = NotificationModel()\ | |
| 156 | .get_user_notification(c.user.user_id, no) |
|
156 | .get_user_notification(c.user.user_id, no) | |
| @@ -371,7 +371,7 b' class ChangesetController(BaseRepoContro' | |||||
| 371 | @jsonify |
|
371 | @jsonify | |
| 372 | def delete_comment(self, repo_name, comment_id): |
|
372 | def delete_comment(self, repo_name, comment_id): | |
| 373 | co = ChangesetComment.get(comment_id) |
|
373 | co = ChangesetComment.get(comment_id) | |
| 374 |
owner = |
|
374 | owner = co.author.user_id == c.rhodecode_user.user_id | |
| 375 | if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: |
|
375 | if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: | |
| 376 | ChangesetCommentsModel().delete(comment=co) |
|
376 | ChangesetCommentsModel().delete(comment=co) | |
| 377 | Session().commit() |
|
377 | Session().commit() | |
| @@ -477,7 +477,7 b' class PullrequestsController(BaseRepoCon' | |||||
| 477 | #don't allow deleting comments on closed pull request |
|
477 | #don't allow deleting comments on closed pull request | |
| 478 | raise HTTPForbidden() |
|
478 | raise HTTPForbidden() | |
| 479 |
|
479 | |||
| 480 |
owner = |
|
480 | owner = co.author.user_id == c.rhodecode_user.user_id | |
| 481 | if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: |
|
481 | if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: | |
| 482 | ChangesetCommentsModel().delete(comment=co) |
|
482 | ChangesetCommentsModel().delete(comment=co) | |
| 483 | Session().commit() |
|
483 | Session().commit() | |
| @@ -82,6 +82,7 b' class TestNotificationsController(TestCo' | |||||
| 82 | response = self.app.delete(url('notification', |
|
82 | response = self.app.delete(url('notification', | |
| 83 | notification_id= |
|
83 | notification_id= | |
| 84 | notification.notification_id)) |
|
84 | notification.notification_id)) | |
|
|
85 | self.assertEqual(response.body, 'ok') | |||
| 85 |
|
86 | |||
| 86 | cur_user = User.get(cur_usr_id) |
|
87 | cur_user = User.get(cur_usr_id) | |
| 87 | self.assertEqual(cur_user.notifications, []) |
|
88 | self.assertEqual(cur_user.notifications, []) | |
General Comments 0
You need to be logged in to leave comments.
Login now