diff options
| author | Lanre Adelowo <adelowomailbox@gmail.com> | 2018-08-20 06:04:01 +0100 |
|---|---|---|
| committer | Jonas Franz <info@jonasfranz.software> | 2018-08-20 07:04:01 +0200 |
| commit | 6c1a31ffaaddf8ced7c30bf5b1e6e82d66f8c6ee (patch) | |
| tree | d9a744f9495547f626d591334bc78bc86b8dfc50 | |
| parent | fa93857117307a54e6e3feb4a80de6d7d19ccbed (diff) | |
| download | gitea-6c1a31ffaaddf8ced7c30bf5b1e6e82d66f8c6ee.tar.gz gitea-6c1a31ffaaddf8ced7c30bf5b1e6e82d66f8c6ee.zip | |
User shouldn't be able to approve or reject his/her own PR (#4729)
* Make sure author cannot reject/approve their own PR
* Disable buttons in templates too
* Remove unneccessary if check since the switch below catches it
* Fix IsOwner check
* Update template and remove new template variable
* Add alert template and redirect to diff page on review failure
* Redirect to files diff as a little update to #4632
| -rw-r--r-- | options/locale/locale_en-US.ini | 2 | ||||
| -rw-r--r-- | routers/repo/pull_review.go | 24 | ||||
| -rw-r--r-- | templates/repo/diff/new_review.tmpl | 6 | ||||
| -rw-r--r-- | templates/repo/pulls/files.tmpl | 1 |
4 files changed, 28 insertions, 5 deletions
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 82925e9c0f..4b2b20204f 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -814,6 +814,8 @@ issues.dependency.add_error_dep_not_exist = Dependency does not exist. issues.dependency.add_error_dep_exists = Dependency already exists. issues.dependency.add_error_cannot_create_circular = You cannot create a dependency with two issues blocking each other. issues.dependency.add_error_dep_not_same_repo = Both issues must be in the same repository. +issues.review.self.approval = You cannot approve your own pull request. +issues.review.self.rejection = You cannot request changes on your own pull request. issues.review.approve = "approved these changes %s" issues.review.comment = "reviewed %s" issues.review.content.empty = You need to leave a comment indicating the requested change(s). diff --git a/routers/repo/pull_review.go b/routers/repo/pull_review.go index 7ca02ac809..1269a7a7e7 100644 --- a/routers/repo/pull_review.go +++ b/routers/repo/pull_review.go @@ -103,14 +103,34 @@ func SubmitReview(ctx *context.Context, form auth.SubmitReviewForm) { var err error reviewType := form.ReviewType() - if reviewType == models.ReviewTypeUnknown { + + switch reviewType { + case models.ReviewTypeUnknown: ctx.ServerError("GetCurrentReview", fmt.Errorf("unknown ReviewType: %s", form.Type)) return + + // can not approve/reject your own PR + case models.ReviewTypeApprove, models.ReviewTypeReject: + + if issue.Poster.ID == ctx.User.ID { + + var translated string + + if reviewType == models.ReviewTypeApprove { + translated = ctx.Tr("repo.issues.review.self.approval") + } else { + translated = ctx.Tr("repo.issues.review.self.rejection") + } + + ctx.Flash.Error(translated) + ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) + return + } } if form.HasEmptyContent() { ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty")) - ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index)) + ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) return } diff --git a/templates/repo/diff/new_review.tmpl b/templates/repo/diff/new_review.tmpl index 2b49ac7296..68d8f893f2 100644 --- a/templates/repo/diff/new_review.tmpl +++ b/templates/repo/diff/new_review.tmpl @@ -16,11 +16,11 @@ placeholder="{{$.i18n.Tr "repo.diff.review.placeholder"}}"></textarea> </div> <div class="ui divider"></div> - <button type="submit" name="type" value="approve" + <button type="submit" name="type" value="approve" {{ if and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID) }} disabled {{ end }} class="ui submit green tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.approve"}}</button> <button type="submit" name="type" value="comment" - class="ui submit tiny basic button btn-submit">{{$.i18n.Tr "repo.diff.review.comment"}}</button> - <button type="submit" name="type" value="reject" + class="ui submit tiny basic button btn-submit">{{$.i18n.Tr "repo.diff.review.comment"}}</button> + <button type="submit" name="type" value="reject" {{ if and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID) }} disabled {{ end }} class="ui submit red tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.reject"}}</button> </form> </div> diff --git a/templates/repo/pulls/files.tmpl b/templates/repo/pulls/files.tmpl index 7663788c68..fb46919f88 100644 --- a/templates/repo/pulls/files.tmpl +++ b/templates/repo/pulls/files.tmpl @@ -11,6 +11,7 @@ <div class="ui divider"></div> {{template "repo/issue/view_title" .}} {{template "repo/pulls/tab_menu" .}} + {{template "base/alert" .}} <div class="ui bottom attached tab pull segment active"> {{template "repo/diff/box" .}} </div> |