From 6c1a31ffaaddf8ced7c30bf5b1e6e82d66f8c6ee Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 20 Aug 2018 06:04:01 +0100 Subject: User shouldn't be able to approve or reject his/her own PR (#4729) * Make sure author cannot reject/approve their own PR * Disable buttons in templates too * Remove unneccessary if check since the switch below catches it * Fix IsOwner check * Update template and remove new template variable * Add alert template and redirect to diff page on review failure * Redirect to files diff as a little update to #4632 --- routers/repo/pull_review.go | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'routers/repo') diff --git a/routers/repo/pull_review.go b/routers/repo/pull_review.go index 7ca02ac809..1269a7a7e7 100644 --- a/routers/repo/pull_review.go +++ b/routers/repo/pull_review.go @@ -103,14 +103,34 @@ func SubmitReview(ctx *context.Context, form auth.SubmitReviewForm) { var err error reviewType := form.ReviewType() - if reviewType == models.ReviewTypeUnknown { + + switch reviewType { + case models.ReviewTypeUnknown: ctx.ServerError("GetCurrentReview", fmt.Errorf("unknown ReviewType: %s", form.Type)) return + + // can not approve/reject your own PR + case models.ReviewTypeApprove, models.ReviewTypeReject: + + if issue.Poster.ID == ctx.User.ID { + + var translated string + + if reviewType == models.ReviewTypeApprove { + translated = ctx.Tr("repo.issues.review.self.approval") + } else { + translated = ctx.Tr("repo.issues.review.self.rejection") + } + + ctx.Flash.Error(translated) + ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) + return + } } if form.HasEmptyContent() { ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty")) - ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index)) + ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) return } -- cgit v1.2.3