Repository : http://git.fedorahosted.org/cgit/copr.git
On branch : master
commit 971c737b620cb4851bffddf3d234b6550ce7ced9 Author: Bohuslav Kabrda bkabrda@redhat.com Date: Thu Mar 28 12:58:59 2013 +0100
Move authorization checking for deleting coprs into logic
coprs_frontend/coprs/logic/coprs_logic.py | 3 ++- .../coprs/views/coprs_ns/coprs_general.py | 6 +----- 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/coprs_frontend/coprs/logic/coprs_logic.py b/coprs_frontend/coprs/logic/coprs_logic.py index 6922789..663c5cd 100644 --- a/coprs_frontend/coprs/logic/coprs_logic.py +++ b/coprs_frontend/coprs/logic/coprs_logic.py @@ -117,7 +117,8 @@ class CoprsLogic(object):
@classmethod def delete(cls, user, copr, check_for_duplicates=True): - # for the time being, we authorize user to do this in view... + if not copr.owner == user: + raise exceptions.InsufficientRightsException('Only owners may delete their Coprs.') # TODO: do we want to dump the information somewhere, so that we can search it in future? cls.raise_if_unfinished_action(user, copr, 'Can't delete this Copr, another operation is in progress: {action}') diff --git a/coprs_frontend/coprs/views/coprs_ns/coprs_general.py b/coprs_frontend/coprs/views/coprs_ns/coprs_general.py index 51bc7d1..1b8353b 100644 --- a/coprs_frontend/coprs/views/coprs_ns/coprs_general.py +++ b/coprs_frontend/coprs/views/coprs_ns/coprs_general.py @@ -238,15 +238,11 @@ def copr_update_permissions(username, coprname): def copr_delete(username, coprname): form = forms.CoprDeleteForm() copr = coprs_logic.CoprsLogic.get(flask.g.user, username, coprname).first() - # only owner can delete a copr - if flask.g.user != copr.owner: - flask.flash('Only owners may delete their Coprs.') - return flask.redirect(flask.url_for('coprs_ns.copr_detail', username=username, coprname=coprname))
if form.validate_on_submit(): try: coprs_logic.CoprsLogic.delete(flask.g.user, copr) - except exceptions.ActionInProgressException as e: + except (exceptions.ActionInProgressException, exceptions.InsufficientRightsException) as e: db.session.rollback() flask.flash(e) return flask.redirect(flask.url_for('coprs_ns.copr_detail', username=username, coprname=coprname))
copr-devel@lists.fedorahosted.org