From 024e2fce51ac3bb88941c89072a3f83732aeb1c3 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 25 Nov 2024 21:48:51 -0800
Subject: [PATCH] Add todo for checking permissions

---
 routers/web/repo/pull_review.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/routers/web/repo/pull_review.go b/routers/web/repo/pull_review.go
index 29b89997b94..e44d0b69669 100644
--- a/routers/web/repo/pull_review.go
+++ b/routers/web/repo/pull_review.go
@@ -398,6 +398,7 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 				return
 			}
 
+			// TODO: Team review request should check if the team has permission to review the PR
 			_, err = pull_service.TeamReviewRequest(ctx, issue.PullRequest, ctx.Doer, team, action == "attach")
 			if err != nil {
 				if issues_model.IsErrNotValidReviewRequest(err) {
@@ -430,6 +431,7 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 			return
 		}
 
+		// TODO: Reviewer review request should check if the user has permission to review the PR
 		_, err = pull_service.ReviewRequest(ctx, issue.PullRequest, ctx.Doer, &ctx.Repo.Permission, reviewer, action == "attach")
 		if err != nil {
 			if issues_model.IsErrNotValidReviewRequest(err) {