Show More
@@ -93,7 +93,7 b' class NotificationsController(BaseContro' | |||
|
93 | 93 | def update(self, notification_id): |
|
94 | 94 | try: |
|
95 | 95 | no = Notification.get(notification_id) |
|
96 |
owner = all(un |
|
|
96 | owner = all(un.user_id == c.authuser.user_id | |
|
97 | 97 | for un in no.notifications_to_users) |
|
98 | 98 | if h.HasPermissionAny('hg.admin')() or owner: |
|
99 | 99 | # deletes only notification2user |
@@ -108,7 +108,7 b' class NotificationsController(BaseContro' | |||
|
108 | 108 | def delete(self, notification_id): |
|
109 | 109 | try: |
|
110 | 110 | no = Notification.get(notification_id) |
|
111 |
owner = any(un |
|
|
111 | owner = any(un.user_id == c.authuser.user_id | |
|
112 | 112 | for un in no.notifications_to_users) |
|
113 | 113 | if h.HasPermissionAny('hg.admin')() or owner: |
|
114 | 114 | # deletes only notification2user |
@@ -423,7 +423,7 b' class ReposController(BaseRepoController' | |||
|
423 | 423 | if x.repo_id != c.repo_info.repo_id] |
|
424 | 424 | |
|
425 | 425 | defaults = { |
|
426 |
'id_fork_of': c.repo_info.fork |
|
|
426 | 'id_fork_of': c.repo_info.fork_id if c.repo_info.fork_id else '' | |
|
427 | 427 | } |
|
428 | 428 | |
|
429 | 429 | c.active = 'advanced' |
@@ -422,7 +422,7 b' class ChangesetController(BaseRepoContro' | |||
|
422 | 422 | co = ChangesetComment.get_or_404(comment_id) |
|
423 | 423 | if co.repo.repo_name != repo_name: |
|
424 | 424 | raise HTTPNotFound() |
|
425 |
owner = co.author |
|
|
425 | owner = co.author_id == c.authuser.user_id | |
|
426 | 426 | repo_admin = h.HasRepoPermissionAny('repository.admin')(repo_name) |
|
427 | 427 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
428 | 428 | ChangesetCommentsModel().delete(comment=co) |
@@ -78,10 +78,10 b' class JournalController(BaseController):' | |||
|
78 | 78 | return groups |
|
79 | 79 | |
|
80 | 80 | def _get_journal_data(self, following_repos): |
|
81 |
repo_ids = [x.follows_repo |
|
|
82 |
if x.follows_repo |
|
|
83 |
user_ids = [x.follows_user |
|
|
84 | if x.follows_user is not None] | |
|
81 | repo_ids = [x.follows_repo_id for x in following_repos | |
|
82 | if x.follows_repo_id is not None] | |
|
83 | user_ids = [x.follows_user_id for x in following_repos | |
|
84 | if x.follows_user_id is not None] | |
|
85 | 85 | |
|
86 | 86 | filtering_criterion = None |
|
87 | 87 |
@@ -473,7 +473,7 b' class PullrequestsController(BaseRepoCon' | |||
|
473 | 473 | |
|
474 | 474 | ChangesetCommentsModel().create( |
|
475 | 475 | text=_('Closed, next iteration: %s .') % pull_request.url(canonical=True), |
|
476 |
repo=old_pull_request.other_repo |
|
|
476 | repo=old_pull_request.other_repo_id, | |
|
477 | 477 | author=c.authuser.user_id, |
|
478 | 478 | pull_request=old_pull_request.pull_request_id, |
|
479 | 479 | closing_pr=True) |
@@ -536,7 +536,7 b' class PullrequestsController(BaseRepoCon' | |||
|
536 | 536 | def delete(self, repo_name, pull_request_id): |
|
537 | 537 | pull_request = PullRequest.get_or_404(pull_request_id) |
|
538 | 538 | #only owner can delete it ! |
|
539 |
if pull_request.owner |
|
|
539 | if pull_request.owner_id == c.authuser.user_id: | |
|
540 | 540 | PullRequestModel().delete(pull_request) |
|
541 | 541 | Session().commit() |
|
542 | 542 | h.flash(_('Successfully deleted pull request'), |
@@ -758,7 +758,7 b' class PullrequestsController(BaseRepoCon' | |||
|
758 | 758 | raise HTTPForbidden() |
|
759 | 759 | |
|
760 | 760 | if delete == "delete": |
|
761 |
if (pull_request.owner |
|
|
761 | if (pull_request.owner_id == c.authuser.user_id or | |
|
762 | 762 | h.HasPermissionAny('hg.admin')() or |
|
763 | 763 | h.HasRepoPermissionAny('repository.admin')(pull_request.org_repo.repo_name) or |
|
764 | 764 | h.HasRepoPermissionAny('repository.admin')(pull_request.other_repo.repo_name) |
@@ -830,7 +830,7 b' class PullrequestsController(BaseRepoCon' | |||
|
830 | 830 | #don't allow deleting comments on closed pull request |
|
831 | 831 | raise HTTPForbidden() |
|
832 | 832 | |
|
833 |
owner = co.author |
|
|
833 | owner = co.author_id == c.authuser.user_id | |
|
834 | 834 | repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name) |
|
835 | 835 | if h.HasPermissionAny('hg.admin')() or repo_admin or owner: |
|
836 | 836 | ChangesetCommentsModel().delete(comment=co) |
@@ -202,7 +202,7 b' class UserGroupModel(BaseModel):' | |||
|
202 | 202 | |
|
203 | 203 | user_group_member = None |
|
204 | 204 | for m in user_group.members: |
|
205 |
if m |
|
|
205 | if m.user_id == user.user_id: | |
|
206 | 206 | # Found this user's membership row |
|
207 | 207 | user_group_member = m |
|
208 | 208 | break |
@@ -24,7 +24,7 b'' | |||
|
24 | 24 | <a class="permalink" href="${co.url()}">¶</a> |
|
25 | 25 | </span> |
|
26 | 26 | |
|
27 |
%if co.author |
|
|
27 | %if co.author_id == c.authuser.user_id or h.HasRepoPermissionAny('repository.admin')(c.repo_name): | |
|
28 | 28 | %if co.deletable(): |
|
29 | 29 | <div onClick="confirm('${_("Delete comment?")}') && deleteComment(${co.comment_id})" class="buttons delete-comment btn btn-mini" style="margin:0 5px">${_('Delete')}</div> |
|
30 | 30 | %endif |
@@ -81,7 +81,7 b'' | |||
|
81 | 81 | |
|
82 | 82 | %if c.pull_request is not None and ( \ |
|
83 | 83 | h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) \ |
|
84 |
or c.pull_request.owner |
|
|
84 | or c.pull_request.owner_id == c.authuser.user_id): | |
|
85 | 85 | <div> |
|
86 | 86 | ${_('Finish pull request')}: |
|
87 | 87 | <label> |
@@ -59,7 +59,7 b'' | |||
|
59 | 59 | </a> |
|
60 | 60 | </td> |
|
61 | 61 | <td style="text-align:right"> |
|
62 |
%if pr.owner |
|
|
62 | %if pr.owner_id == c.authuser.user_id: | |
|
63 | 63 | ${h.form(url('pullrequest_delete', repo_name=pr.other_repo.repo_name, pull_request_id=pr.pull_request_id), style="display:inline-block")} |
|
64 | 64 | <button class="action_button" |
|
65 | 65 | id="remove_${pr.pull_request_id}" |
@@ -15,7 +15,7 b'' | |||
|
15 | 15 | </%block> |
|
16 | 16 | |
|
17 | 17 | <%def name="main()"> |
|
18 |
<% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or c.pull_request.owner |
|
|
18 | <% editable = not c.pull_request.is_closed() and (h.HasPermissionAny('hg.admin')() or h.HasRepoPermissionAny('repository.admin')(c.repo_name) or c.pull_request.owner_id == c.authuser.user_id) %> | |
|
19 | 19 | ${self.repo_context_bar('showpullrequest')} |
|
20 | 20 | <div class="box"> |
|
21 | 21 | <!-- box / title --> |
@@ -70,7 +70,7 b' class TestNotifications(TestController):' | |||
|
70 | 70 | .filter(UserNotification.notification == notification).all() |
|
71 | 71 | |
|
72 | 72 | assert len(unotification) == len(usrs) |
|
73 |
assert set([x |
|
|
73 | assert set([x.user_id for x in unotification]) == set(usrs) | |
|
74 | 74 | |
|
75 | 75 | def test_user_notifications(self): |
|
76 | 76 | notification1 = NotificationModel().create(created_by=self.u1, |
General Comments 0
You need to be logged in to leave comments.
Login now