This change has been marked as completed.

Describe the completed change (optional):

Pushed to release-7.x (8ea48b9)

Summary

Clarify access model in ReviewRequest.get_draft().

Review Request #14011 — Created July 3, 2024 and submitted 9 months, 2 weeks ago — Latest diff uploaded 10 months ago

Information

Owner

david*

Repository

Review Board

Branch

release-7.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description*

Our get_draft() method has two modes. If no arguments are given, it

will always return the existing draft. If a user was passed in, we'd

return the draft only if the review request was owned by that user.
In some places, we were fetching the draft using the no-args version and

then doing our own access control checks. We also had at least one bug

that I remember where we were passing the user in and it broke the

ability for admins to reassign review requests, because we weren't

fetching the draft for them in the publish operation. This inconsistency

was also making it so we were showing admins the draft data, but they

were unable to load draft diff fragments.
This change makes it so when passing a user in to get_draft(), we will

return the draft if that user has access to the draft, not just if it

matches the owner of the review request.

Testing Done


Ran js-tests.
Verified that as an admin I could now view all draft data on a

  review request owned by another user.
Audited calls to get_draft() to ensure that everything was using it in

  the correct way.

Diff Revision 2

This is not the most recent revision of the diff. The latest diff is revision 4. See what's changed.

orig

Commits

First	Last	Summary	ID	Author
		Clarify access model in ReviewRequest.get_draft(). Our `get_draft()` method has two modes. If no arguments are given, it will always return the existing draft. If a user was passed in, we'd return the draft only if the review request was owned by that user. In some places, we were fetching the draft using the no-args version and then doing our own access control checks. We also had at least one bug that I remember where we were passing the user in and it broke the ability for admins to reassign review requests, because we weren't fetching the draft for them in the publish operation. This inconsistency was also making it so we were showing admins the draft data, but they were unable to load draft diff fragments. This change makes it so when passing a user in to get_draft(), we will return the draft if that user has access to the draft, not just if it matches the owner of the review request. Testing Done: - Ran js-tests. - Verified that as an admin I could now view all draft data on a review request owned by another user. - Audited calls to get_draft() to ensure that everything was using it in the correct way.	e22a963662c650219be81846b2e7edcbca8bedbd	David Trowbridge

Files

	reviewboard/diffviewer/views.py
	reviewboard/reviews/detail.py
	reviewboard/reviews/models/review_request.py
	reviewboard/reviews/models/review_request_draft.py
	reviewboard/reviews/views/diff_fragments.py
	reviewboard/reviews/views/diffviewer.py
	reviewboard/webapi/resources/review_request_draft.py
	reviewboard/webapi/tests/test_review_request_draft.py

reviewboard/diffviewer/views.py

reviewboard/reviews/detail.py

reviewboard/reviews/models/review_request.py

reviewboard/reviews/models/review_request_draft.py

reviewboard/reviews/views/diff_fragments.py

reviewboard/reviews/views/diffviewer.py

reviewboard/webapi/resources/review_request_draft.py

reviewboard/webapi/tests/test_review_request_draft.py