Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, deshani, dill0wn, and 10 others

Git Merge Request #100: [#8029] Submitter able to reject requests. (rejected)

Merging...

Merged

Something went wrong. Please, merge manually

Checking if merge is possible...

Something went wrong. Please, merge manually

Pranav Sharma wants to merge 0 commits from /u/pranav/allura/ to master, 2016-03-11

Determining commits...

Discussion

Dave Brondsema - 2016-03-10

This would let a user change their own merge request status to "open" (e.g. after it was rejected). This is unlikely since there's not a form to do that, but it is possible someone could construct an http request to do it, so we should protect against it.

Here's the logic that I think would capture what we want: require write access, or if the user is the creator they can set it to "rejected". No other checks needed:

if status and (has_access(self.req, 'write') or (self.req.creator == c.user and status == 'rejected')):
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Pranav Sharma - 2016-03-11
  
  Thanks @Dave for helping me out.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dave Brondsema - 2016-03-11

Status: open --> rejected
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.