mirror of
https://github.com/go-gitea/gitea
synced 2024-11-16 19:29:32 +01:00
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.
This commit is contained in:
parent
238eb3ff9f
commit
dd301cae1c
@ -4,6 +4,7 @@
|
|||||||
package repo
|
package repo
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
@ -372,7 +373,11 @@ func CreatePullReview(ctx *context.APIContext) {
|
|||||||
// create review and associate all pending review comments
|
// create review and associate all pending review comments
|
||||||
review, _, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, opts.CommitID, nil)
|
review, _, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, opts.CommitID, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
|
if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
||||||
|
} else {
|
||||||
|
ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -460,7 +465,11 @@ func SubmitPullReview(ctx *context.APIContext) {
|
|||||||
// create review and associate all pending review comments
|
// create review and associate all pending review comments
|
||||||
review, _, err = pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, headCommitID, nil)
|
review, _, err = pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, headCommitID, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
|
if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", err)
|
||||||
|
} else {
|
||||||
|
ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -264,6 +264,8 @@ func SubmitReview(ctx *context.Context) {
|
|||||||
if issues_model.IsContentEmptyErr(err) {
|
if issues_model.IsContentEmptyErr(err) {
|
||||||
ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
|
ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
|
||||||
ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
|
ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
|
||||||
|
} else if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
|
||||||
|
ctx.Status(http.StatusUnprocessableEntity)
|
||||||
} else {
|
} else {
|
||||||
ctx.ServerError("SubmitReview", err)
|
ctx.ServerError("SubmitReview", err)
|
||||||
}
|
}
|
||||||
|
@ -6,6 +6,7 @@ package pull
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"regexp"
|
"regexp"
|
||||||
@ -43,6 +44,9 @@ func (err ErrDismissRequestOnClosedPR) Unwrap() error {
|
|||||||
return util.ErrPermissionDenied
|
return util.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ErrSubmitReviewOnClosedPR represents an error when an user tries to submit an approve or reject review associated to a closed or merged PR.
|
||||||
|
var ErrSubmitReviewOnClosedPR = errors.New("can't submit review for a closed or merged PR")
|
||||||
|
|
||||||
// checkInvalidation checks if the line of code comment got changed by another commit.
|
// checkInvalidation checks if the line of code comment got changed by another commit.
|
||||||
// If the line got changed the comment is going to be invalidated.
|
// If the line got changed the comment is going to be invalidated.
|
||||||
func checkInvalidation(ctx context.Context, c *issues_model.Comment, doer *user_model.User, repo *git.Repository, branch string) error {
|
func checkInvalidation(ctx context.Context, c *issues_model.Comment, doer *user_model.User, repo *git.Repository, branch string) error {
|
||||||
@ -293,6 +297,10 @@ func SubmitReview(ctx context.Context, doer *user_model.User, gitRepo *git.Repos
|
|||||||
if reviewType != issues_model.ReviewTypeApprove && reviewType != issues_model.ReviewTypeReject {
|
if reviewType != issues_model.ReviewTypeApprove && reviewType != issues_model.ReviewTypeReject {
|
||||||
stale = false
|
stale = false
|
||||||
} else {
|
} else {
|
||||||
|
if issue.IsClosed {
|
||||||
|
return nil, nil, ErrSubmitReviewOnClosedPR
|
||||||
|
}
|
||||||
|
|
||||||
headCommitID, err := gitRepo.GetRefCommitID(pr.GetGitRefName())
|
headCommitID, err := gitRepo.GetRefCommitID(pr.GetGitRefName())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
|
@ -30,20 +30,24 @@
|
|||||||
{{end}}
|
{{end}}
|
||||||
<div class="divider"></div>
|
<div class="divider"></div>
|
||||||
{{$showSelfTooltip := (and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID))}}
|
{{$showSelfTooltip := (and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID))}}
|
||||||
{{if $showSelfTooltip}}
|
{{if not $.Issue.IsClosed}}
|
||||||
<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_approve"}}">
|
{{if $showSelfTooltip}}
|
||||||
<button type="submit" name="type" value="approve" disabled class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button>
|
<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_approve"}}">
|
||||||
</span>
|
<button type="submit" name="type" value="approve" disabled class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button>
|
||||||
{{else}}
|
</span>
|
||||||
<button type="submit" name="type" value="approve" class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button>
|
{{else}}
|
||||||
|
<button type="submit" name="type" value="approve" class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button>
|
||||||
|
{{end}}
|
||||||
{{end}}
|
{{end}}
|
||||||
<button type="submit" name="type" value="comment" class="ui submit tiny basic button btn-submit">{{ctx.Locale.Tr "repo.diff.review.comment"}}</button>
|
<button type="submit" name="type" value="comment" class="ui submit tiny basic button btn-submit">{{ctx.Locale.Tr "repo.diff.review.comment"}}</button>
|
||||||
{{if $showSelfTooltip}}
|
{{if not $.Issue.IsClosed}}
|
||||||
<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_reject"}}">
|
{{if $showSelfTooltip}}
|
||||||
<button type="submit" name="type" value="reject" disabled class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button>
|
<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_reject"}}">
|
||||||
</span>
|
<button type="submit" name="type" value="reject" disabled class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button>
|
||||||
{{else}}
|
</span>
|
||||||
<button type="submit" name="type" value="reject" class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button>
|
{{else}}
|
||||||
|
<button type="submit" name="type" value="reject" class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button>
|
||||||
|
{{end}}
|
||||||
{{end}}
|
{{end}}
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -5,12 +5,15 @@ package integration
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
issues_model "code.gitea.io/gitea/models/issues"
|
issues_model "code.gitea.io/gitea/models/issues"
|
||||||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
"code.gitea.io/gitea/models/unittest"
|
"code.gitea.io/gitea/models/unittest"
|
||||||
user_model "code.gitea.io/gitea/models/user"
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/git"
|
"code.gitea.io/gitea/modules/git"
|
||||||
@ -176,3 +179,82 @@ func TestPullView_CodeOwner(t *testing.T) {
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPullView_GivenApproveOrRejectReviewOnClosedPR(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
|
||||||
|
user1Session := loginUser(t, "user1")
|
||||||
|
user2Session := loginUser(t, "user2")
|
||||||
|
|
||||||
|
// Have user1 create a fork of repo1.
|
||||||
|
testRepoFork(t, user1Session, "user2", "repo1", "user1", "repo1")
|
||||||
|
|
||||||
|
t.Run("Submit approve/reject review on merged PR", func(t *testing.T) {
|
||||||
|
// Create a merged PR (made by user1) in the upstream repo1.
|
||||||
|
testEditFile(t, user1Session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
|
||||||
|
resp := testPullCreate(t, user1Session, "user1", "repo1", false, "master", "master", "This is a pull title")
|
||||||
|
elem := strings.Split(test.RedirectURL(resp), "/")
|
||||||
|
assert.EqualValues(t, "pulls", elem[3])
|
||||||
|
testPullMerge(t, user1Session, elem[1], elem[2], elem[4], repo_model.MergeStyleMerge, false)
|
||||||
|
|
||||||
|
// Grab the CSRF token.
|
||||||
|
req := NewRequest(t, "GET", path.Join(elem[1], elem[2], "pulls", elem[4]))
|
||||||
|
resp = user2Session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||||
|
|
||||||
|
// Submit an approve review on the PR.
|
||||||
|
testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "approve", http.StatusUnprocessableEntity)
|
||||||
|
|
||||||
|
// Submit a reject review on the PR.
|
||||||
|
testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "reject", http.StatusUnprocessableEntity)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Submit approve/reject review on closed PR", func(t *testing.T) {
|
||||||
|
// Created a closed PR (made by user1) in the upstream repo1.
|
||||||
|
testEditFileToNewBranch(t, user1Session, "user1", "repo1", "master", "a-test-branch", "README.md", "Hello, World (Editied...again)\n")
|
||||||
|
resp := testPullCreate(t, user1Session, "user1", "repo1", false, "master", "a-test-branch", "This is a pull title")
|
||||||
|
elem := strings.Split(test.RedirectURL(resp), "/")
|
||||||
|
assert.EqualValues(t, "pulls", elem[3])
|
||||||
|
testIssueClose(t, user1Session, elem[1], elem[2], elem[4])
|
||||||
|
|
||||||
|
// Grab the CSRF token.
|
||||||
|
req := NewRequest(t, "GET", path.Join(elem[1], elem[2], "pulls", elem[4]))
|
||||||
|
resp = user2Session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||||
|
|
||||||
|
// Submit an approve review on the PR.
|
||||||
|
testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "approve", http.StatusUnprocessableEntity)
|
||||||
|
|
||||||
|
// Submit a reject review on the PR.
|
||||||
|
testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "reject", http.StatusUnprocessableEntity)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func testSubmitReview(t *testing.T, session *TestSession, csrf, owner, repo, pullNumber, reviewType string, expectedSubmitStatus int) *httptest.ResponseRecorder {
|
||||||
|
options := map[string]string{
|
||||||
|
"_csrf": csrf,
|
||||||
|
"commit_id": "",
|
||||||
|
"content": "test",
|
||||||
|
"type": reviewType,
|
||||||
|
}
|
||||||
|
|
||||||
|
submitURL := path.Join(owner, repo, "pulls", pullNumber, "files", "reviews", "submit")
|
||||||
|
req := NewRequestWithValues(t, "POST", submitURL, options)
|
||||||
|
return session.MakeRequest(t, req, expectedSubmitStatus)
|
||||||
|
}
|
||||||
|
|
||||||
|
func testIssueClose(t *testing.T, session *TestSession, owner, repo, issueNumber string) *httptest.ResponseRecorder {
|
||||||
|
req := NewRequest(t, "GET", path.Join(owner, repo, "pulls", issueNumber))
|
||||||
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
|
||||||
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||||
|
closeURL := path.Join(owner, repo, "issues", issueNumber, "comments")
|
||||||
|
|
||||||
|
options := map[string]string{
|
||||||
|
"_csrf": htmlDoc.GetCSRF(),
|
||||||
|
"status": "close",
|
||||||
|
}
|
||||||
|
|
||||||
|
req = NewRequestWithValues(t, "POST", closeURL, options)
|
||||||
|
return session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user