Mercurial > kallithea
comparison rhodecode/controllers/pullrequests.py @ 3141:a45191e7c7bb beta
access control: fix owner checks - they were always true
The lambda expressions seems to be left over from something else. They were no
longer executed and thus always evaluated to true.
Some of the functions also failed if they were executed.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Wed, 02 Jan 2013 13:56:44 +0100 |
| parents | 324ed41c11b1 |
| children | 68f9c216377d |
comparison
equal
deleted
inserted
replaced
| 3140:105a0374faa1 | 3141:a45191e7c7bb |
|---|---|
| 475 co = ChangesetComment.get(comment_id) | 475 co = ChangesetComment.get(comment_id) |
| 476 if co.pull_request.is_closed(): | 476 if co.pull_request.is_closed(): |
| 477 #don't allow deleting comments on closed pull request | 477 #don't allow deleting comments on closed pull request |
| 478 raise HTTPForbidden() | 478 raise HTTPForbidden() |
| 479 | 479 |
| 480 owner = lambda: co.author.user_id == c.rhodecode_user.user_id | 480 owner = co.author.user_id == c.rhodecode_user.user_id |
| 481 if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: | 481 if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner: |
| 482 ChangesetCommentsModel().delete(comment=co) | 482 ChangesetCommentsModel().delete(comment=co) |
| 483 Session().commit() | 483 Session().commit() |
| 484 return True | 484 return True |
| 485 else: | 485 else: |