[PATCH 11 of 14] controllers: pullrequests: comments are always using AJAX

Wed Nov 21 11:10:56 UTC 2018

On 11/20/2018 09:32 PM, Thomas De Schampheleire wrote:
> # HG changeset patch
> # User Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
> # Date 1542401121 -3600
> #      Fri Nov 16 21:45:21 2018 +0100
> # Node ID abef10c5c0d21af567d76d6ffaf5356cc3c3be81
> # Parent  92773b07e1244a8b1896cbf2cfb5941189112bdb
> controllers: pullrequests: comments are always using AJAX
>
> This is preparation to align commenting on changeset and pullrequests.
>
> diff --git a/kallithea/controllers/pullrequests.py b/kallithea/controllers/pullrequests.py
> --- a/kallithea/controllers/pullrequests.py
> +++ b/kallithea/controllers/pullrequests.py
> @@ -632,6 +632,7 @@ class PullrequestsController(BaseRepoCon
>       @HasRepoPermissionLevelDecorator('read')
>       @jsonify
>       def comment(self, repo_name, pull_request_id):
> +        assert request.environ.get('HTTP_X_PARTIAL_XHR')

Assertion checking can be disabled and should thus perhaps not be used 
for access control -ish things. But we already do that in many other 
places, so ok ...

/Mads

>           pull_request = PullRequest.get_or_404(pull_request_id)
>   
>           status = request.POST.get('changeset_status')
> @@ -698,9 +699,6 @@ class PullrequestsController(BaseRepoCon
>   
>           Session().commit()
>   
> -        if not request.environ.get('HTTP_X_PARTIAL_XHR'):
> -            raise HTTPFound(location=pull_request.url())
> -
>           data = {
>              'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),
>           }