[PATCH 05 of 14] controllers: align pullrequests.delete_comment with changeset.delete_comment

Thomas De Schampheleire patrickdepinguin at gmail.com
Tue Nov 20 20:32:16 UTC 2018 

# HG changeset patch
# User Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
# Date 1539979375 -7200
#      Fri Oct 19 22:02:55 2018 +0200
# Node ID 57b9fe6c7871e1ee74eca9c6723ccc4a9dfd5c77
# Parent  c7766ad745c60dd8a6263ff99b8157b1fe60e097
controllers: align pullrequests.delete_comment with changeset.delete_comment

This commit purely serves to highlight the differences.
The subsequent commit will remove the duplication.

diff --git a/kallithea/controllers/changeset.py b/kallithea/controllers/changeset.py
--- a/kallithea/controllers/changeset.py
+++ b/kallithea/controllers/changeset.py
@@ -399,10 +399,14 @@ class ChangesetController(BaseRepoContro
     @LoginRequired()
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
-    def delete_comment(self, repo_name, comment_id):
+    def delete_comment(self, repo_name, comment_id, pr_comment=False):
         co = ChangesetComment.get_or_404(comment_id)
         if co.repo.repo_name != repo_name:
             raise HTTPNotFound()
+        if pr_comment and co.pull_request.is_closed():
+            # don't allow deleting comments on closed pull request
+            raise HTTPForbidden()
+
         owner = co.author_id == request.authuser.user_id
         repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)
         if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
diff --git a/kallithea/controllers/pullrequests.py b/kallithea/controllers/pullrequests.py
--- a/kallithea/controllers/pullrequests.py
+++ b/kallithea/controllers/pullrequests.py
@@ -716,13 +716,15 @@ class PullrequestsController(BaseRepoCon
     @HasRepoPermissionLevelDecorator('read')
     @jsonify
     def delete_comment(self, repo_name, comment_id):
-        co = ChangesetComment.get(comment_id)
+        co = ChangesetComment.get_or_404(comment_id)
+        if co.repo.repo_name != repo_name:
+            raise HTTPNotFound()
         if co.pull_request.is_closed():
             # don't allow deleting comments on closed pull request
             raise HTTPForbidden()
 
         owner = co.author_id == request.authuser.user_id
-        repo_admin = h.HasRepoPermissionLevel('admin')(c.repo_name)
+        repo_admin = h.HasRepoPermissionLevel('admin')(repo_name)
         if h.HasPermissionAny('hg.admin')() or repo_admin or owner:
             ChangesetCommentsModel().delete(comment=co)
             Session().commit()

More information about the kallithea-general mailing list