mirror of
https://github.com/go-gitea/gitea.git
synced 2025-10-24 17:14:30 +02:00
User shouldn't be able to approve or reject his/her own PR (#4729)
* Make sure author cannot reject/approve their own PR * Disable buttons in templates too * Remove unneccessary if check since the switch below catches it * Fix IsOwner check * Update template and remove new template variable * Add alert template and redirect to diff page on review failure * Redirect to files diff as a little update to #4632
This commit is contained in:
parent
fa93857117
commit
6c1a31ffaa
@ -814,6 +814,8 @@ issues.dependency.add_error_dep_not_exist = Dependency does not exist.
|
|||||||
issues.dependency.add_error_dep_exists = Dependency already exists.
|
issues.dependency.add_error_dep_exists = Dependency already exists.
|
||||||
issues.dependency.add_error_cannot_create_circular = You cannot create a dependency with two issues blocking each other.
|
issues.dependency.add_error_cannot_create_circular = You cannot create a dependency with two issues blocking each other.
|
||||||
issues.dependency.add_error_dep_not_same_repo = Both issues must be in the same repository.
|
issues.dependency.add_error_dep_not_same_repo = Both issues must be in the same repository.
|
||||||
|
issues.review.self.approval = You cannot approve your own pull request.
|
||||||
|
issues.review.self.rejection = You cannot request changes on your own pull request.
|
||||||
issues.review.approve = "approved these changes %s"
|
issues.review.approve = "approved these changes %s"
|
||||||
issues.review.comment = "reviewed %s"
|
issues.review.comment = "reviewed %s"
|
||||||
issues.review.content.empty = You need to leave a comment indicating the requested change(s).
|
issues.review.content.empty = You need to leave a comment indicating the requested change(s).
|
||||||
|
@ -103,14 +103,34 @@ func SubmitReview(ctx *context.Context, form auth.SubmitReviewForm) {
|
|||||||
var err error
|
var err error
|
||||||
|
|
||||||
reviewType := form.ReviewType()
|
reviewType := form.ReviewType()
|
||||||
if reviewType == models.ReviewTypeUnknown {
|
|
||||||
|
switch reviewType {
|
||||||
|
case models.ReviewTypeUnknown:
|
||||||
ctx.ServerError("GetCurrentReview", fmt.Errorf("unknown ReviewType: %s", form.Type))
|
ctx.ServerError("GetCurrentReview", fmt.Errorf("unknown ReviewType: %s", form.Type))
|
||||||
return
|
return
|
||||||
|
|
||||||
|
// can not approve/reject your own PR
|
||||||
|
case models.ReviewTypeApprove, models.ReviewTypeReject:
|
||||||
|
|
||||||
|
if issue.Poster.ID == ctx.User.ID {
|
||||||
|
|
||||||
|
var translated string
|
||||||
|
|
||||||
|
if reviewType == models.ReviewTypeApprove {
|
||||||
|
translated = ctx.Tr("repo.issues.review.self.approval")
|
||||||
|
} else {
|
||||||
|
translated = ctx.Tr("repo.issues.review.self.rejection")
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Flash.Error(translated)
|
||||||
|
ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if form.HasEmptyContent() {
|
if form.HasEmptyContent() {
|
||||||
ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
|
ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
|
||||||
ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index))
|
ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,11 +16,11 @@
|
|||||||
placeholder="{{$.i18n.Tr "repo.diff.review.placeholder"}}"></textarea>
|
placeholder="{{$.i18n.Tr "repo.diff.review.placeholder"}}"></textarea>
|
||||||
</div>
|
</div>
|
||||||
<div class="ui divider"></div>
|
<div class="ui divider"></div>
|
||||||
<button type="submit" name="type" value="approve"
|
<button type="submit" name="type" value="approve" {{ if and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID) }} disabled {{ end }}
|
||||||
class="ui submit green tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.approve"}}</button>
|
class="ui submit green tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.approve"}}</button>
|
||||||
<button type="submit" name="type" value="comment"
|
<button type="submit" name="type" value="comment"
|
||||||
class="ui submit tiny basic button btn-submit">{{$.i18n.Tr "repo.diff.review.comment"}}</button>
|
class="ui submit tiny basic button btn-submit">{{$.i18n.Tr "repo.diff.review.comment"}}</button>
|
||||||
<button type="submit" name="type" value="reject"
|
<button type="submit" name="type" value="reject" {{ if and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID) }} disabled {{ end }}
|
||||||
class="ui submit red tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.reject"}}</button>
|
class="ui submit red tiny button btn-submit">{{$.i18n.Tr "repo.diff.review.reject"}}</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
<div class="ui divider"></div>
|
<div class="ui divider"></div>
|
||||||
{{template "repo/issue/view_title" .}}
|
{{template "repo/issue/view_title" .}}
|
||||||
{{template "repo/pulls/tab_menu" .}}
|
{{template "repo/pulls/tab_menu" .}}
|
||||||
|
{{template "base/alert" .}}
|
||||||
<div class="ui bottom attached tab pull segment active">
|
<div class="ui bottom attached tab pull segment active">
|
||||||
{{template "repo/diff/box" .}}
|
{{template "repo/diff/box" .}}
|
||||||
</div>
|
</div>
|
||||||
|
Loading…
x
Reference in New Issue
Block a user