#4295 Fix delete permission detection for PRs against the same repo
Closed 8 months ago by pingou. Opened a year ago by puiterwijk.
puiterwijk/pagure fix_delete_difproj  into  master

file modified
+6 -2

@@ -331,7 +331,9 @@ 

      can_delete_branch = (

          pagure_config.get("ALLOW_DELETE_BRANCH", True)

          and not request.remote_git

-         and pagure.utils.is_repo_committer(request.project_from)

+         and pagure.utils.is_repo_committer(

+             request.project_from or request.project

+         )


      return flask.render_template(


@@ -1134,7 +1136,9 @@ 




-         if not pagure.utils.is_repo_committer(request.project_from):

+         if not pagure.utils.is_repo_committer(

+             request.project_from or request.project

+         ):


                  "You do not have permissions to delete the branch in the "

                  "source repo",

If the repository the PR is against is the same as the PR is from, "request.project_from"
is None, and we should check "request.project" to see whether the person has permission
to delete branches.

This was causing "repo_obj" in is_repo_committer to be None.
The reason this wasn't encountered by any admins is because is_repo_committer returns
True with "is_admin()" before it even gets to using repo_obj.

Signed-off-by: Patrick Uiterwijk patrick@puiterwijk.org

rebased onto eb4d17dd0a9db25bea7540718761bfaa69063afb

a year ago

Oh, nice catch!

Should we add tests for this somewhere?

rebased onto e88504b

a year ago

I'd love to get this in 5.4 but I'd want unit-tests for it :(

With the recent work on the rebase button I wonder if this is still valid.

Pull-Request has been closed by pingou

8 months ago