[copr] master: Move authorization checking for deleting coprs into logic (971c737) - copr-devel - Fedora mailing-lists

28 Mar 2013

Repository : http://git.fedorahosted.org/cgit/copr.git
On branch  : master
...

commit 971c737b620cb4851bffddf3d234b6550ce7ced9
Author: Bohuslav Kabrda bkabrda@redhat.com
Date:   Thu Mar 28 12:58:59 2013 +0100
Move authorization checking for deleting coprs into logic
...

coprs_frontend/coprs/logic/coprs_logic.py          |    3 ++-
 .../coprs/views/coprs_ns/coprs_general.py          |    6 +-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/coprs_frontend/coprs/logic/coprs_logic.py b/coprs_frontend/coprs/logic/coprs_logic.py
index 6922789..663c5cd 100644
--- a/coprs_frontend/coprs/logic/coprs_logic.py
+++ b/coprs_frontend/coprs/logic/coprs_logic.py
@@ -117,7 +117,8 @@ class CoprsLogic(object):
@classmethod
     def delete(cls, user, copr, check_for_duplicates=True):
-        # for the time being, we authorize user to do this in view...
+        if not copr.owner == user:
+            raise exceptions.InsufficientRightsException('Only owners may delete their Coprs.')
         # TODO: do we want to dump the information somewhere, so that we can search it in future?
         cls.raise_if_unfinished_action(user, copr,
                                        'Can't delete this Copr, another operation is in progress: {action}')
diff --git a/coprs_frontend/coprs/views/coprs_ns/coprs_general.py b/coprs_frontend/coprs/views/coprs_ns/coprs_general.py
index 51bc7d1..1b8353b 100644
--- a/coprs_frontend/coprs/views/coprs_ns/coprs_general.py
+++ b/coprs_frontend/coprs/views/coprs_ns/coprs_general.py
@@ -238,15 +238,11 @@ def copr_update_permissions(username, coprname):
 def copr_delete(username, coprname):
     form = forms.CoprDeleteForm()
     copr = coprs_logic.CoprsLogic.get(flask.g.user, username, coprname).first()
-    # only owner can delete a copr
-    if flask.g.user != copr.owner:
-        flask.flash('Only owners may delete their Coprs.')
-        return flask.redirect(flask.url_for('coprs_ns.copr_detail', username=username, coprname=coprname))
if form.validate_on_submit():
         try:
             coprs_logic.CoprsLogic.delete(flask.g.user, copr)
-        except exceptions.ActionInProgressException as e:
+        except (exceptions.ActionInProgressException, exceptions.InsufficientRightsException) as e:
             db.session.rollback()
             flask.flash(e)
             return flask.redirect(flask.url_for('coprs_ns.copr_detail', username=username, coprname=coprname))

    