view detectors/creator_resolution.py @ 6681:ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
We now have an allow list to filter the hosts allowed to do api
requests. An element of this allow list must match the http ORIGIN
header exactly or the rest/xmlrpc CORS request will result in an
error.
The tracker host is always allowed to do a request.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 May 2022 17:18:51 -0400 |
| parents | 0942fe89e82e |
| children |
# This detector was written by richard@mechanicalcat.net and it's been
# placed in the Public Domain. Copy and modify to your heart's content.

from roundup.exceptions import Reject


def creator_resolution(db, cl, nodeid, newvalues):
    '''Audit a change of an issue's status to "resolved".

    The change passes through untouched only when the issue's creator is
    also its assignee (after the pending change) and the creator is the
    user making the change.  If creator and assignee match but somebody
    else is making the change, it is refused with Reject.  If they do not
    match, the pending change is rewritten in place: the issue is assigned
    to its creator and the status becomes "confirm-done" when the tracker
    defines it, otherwise "in-progress" ("classic" Roundup has no
    "confirm-done" status).

    Changes that do not touch the status, or that set a status other than
    "resolved", are not examined.  Only the status literally named
    "resolved" is checked here; any other status a tracker treats as
    closing is outside this detector.
    '''
    if 'status' not in newvalues:
        return

    # Statuses are compared by ID, so resolve the name to its ID first.
    if newvalues['status'] != db.status.lookup('resolved'):
        return

    # The assignee from this very change wins over the stored one, so
    # reassigning and resolving in a single edit is judged on the new value.
    stored_assignee = cl.get(nodeid, 'assignedto')
    assignee = newvalues.get('assignedto', stored_assignee)
    owner = cl.get(nodeid, 'creator')

    if assignee != owner:
        # Hand the issue back to its creator for confirmation instead of
        # letting it be resolved.
        newvalues['assignedto'] = owner
        try:
            handback = db.status.lookup('confirm-done')
        except KeyError:
            handback = db.status.lookup('in-progress')
        newvalues['status'] = handback
        return

    # Creator and assignee are the same user: that user alone may resolve.
    if db.getuid() != owner:
        owner_name = db.user.get(owner, 'username')
        raise Reject('Only the creator (%s) may close this issue' % owner_name)


def init(db):
    '''Register creator_resolution as an auditor on the issue class.

    Only the 'set' event is hooked here, so this detector does not see
    issue creation.
    '''
    db.issue.audit('set', creator_resolution)

# vim: set filetype=python ts=4 sw=4 et si
