| |
@@ -12442,6 +12442,8 @@
|
| |
host.verify()
|
| |
task = Task(task_id)
|
| |
task.assertHost(host.id)
|
| |
+ pkg_id = get_build(build, strict=True)['package_id']
|
| |
+ tag_id = get_tag(tag, strict=True)['id']
|
| |
user_id = task.getOwner()
|
| |
policy_data = {'tag' : tag, 'build' : build, 'fromtag' : fromtag}
|
| |
policy_data['user_id'] = user_id
|
| |
@@ -12449,10 +12451,23 @@
|
| |
policy_data['operation'] = 'tag'
|
| |
else:
|
| |
policy_data['operation'] = 'move'
|
| |
- #don't check policy for admins using force
|
| |
+ # don't check policy for admins using force
|
| |
perms = koji.auth.get_user_perms(user_id)
|
| |
if not force or 'admin' not in perms:
|
| |
assert_policy('tag', policy_data)
|
| |
+ # package list check
|
| |
+ pkgs = readPackageList(tagID=tag_id, pkgID=pkg_id, inherit=True)
|
| |
+ pkg_error = None
|
| |
+ if pkg_id not in pkgs:
|
| |
+ pkg_error = "Package %s not in list for %s" % (build, tag)
|
| |
+ elif pkgs[pkg_id]['blocked']:
|
| |
+ pkg_error = "Package %s blocked in %s" % (build, tag)
|
| |
+ if pkg_error:
|
| |
+ if force and context.session.hasPerm('admin'):
|
| |
+ pkglist_add(tag_id, pkg_id, force=True, block=False)
|
| |
+ else:
|
| |
+ raise koji.TagError(pkg_error)
|
| |
+ # do the actual work now
|
| |
if fromtag:
|
| |
_untag_build(fromtag, build, user_id=user_id, force=force, strict=True)
|
| |
_tag_build(tag, build, user_id=user_id, force=force)
|
| |
jcpunk
commented 3 years ago
The host.tagBuild method was missing a check to ensure the package was actually listed in the destination tag. This should now be checked as expected.