| | Implement URL namspacing and permissions checking for the reviews app. |
| |
|
- | | This review request is a preview, based on
|
- | | http://reviews.reviewboard.org/r/1795/ . The "### RBCOMMONS" comments are
|
- | | temporary until I finish working through everything in this views.py file. |
- | |
|
| | This change adds LocalSite URL namespacing and permissions checking to the
|
| | reviewboard.reviews app. The namespacing is achieved via an optional item in the
|
| | URL which is parsed out in the initial regex, which will then be passed as an
|
| | optional parameter to any views referenced in reviews/urls.py. |
| |
|
| | The views then read that local_site_name variable and react accordingly. The
|
| | details of what "accordingly" means depends on the view. |
| |
|
| | When looking up a review request via its ID, if a local site name is given, that
|
| | ID is used to query the local_id field instead of the pk. This also verifies
|
| | that if a local_site_name is not given, but the review request has one assigned,
|
| | that addressing it by its pk will return 403. |
| |
|
| | For the new_review_request page, changes are:
|
| | - If a local site name is given and the requesting user isn't logged in or
|
| | doesn't have access, this will return a 403.
|
| | - If a local site name is not given, the NewReviewRequestForm will filter the
|
| | list of repositories to include only those which do not have an associated
|
| | LocalSite object.
|
| | - If a local site name is given, the NewReviewRequestForm will filter the
|
| | list of repositories to include only those which have the given site name. |
| |
|
| | For the review_detail page ("View Reviews"), changes are:
|
| | - Look up the review request according to the common lookup logic that takes
|
| | into account the local_site_name and logged in user. |
| |
|
~ | | For the all_review_requests page, changes are:
|
| ~ | For these pages,
|
| + | - all_review_requests
|
| + | - submitter_list
|
| + | - group
|
| + | - group_members
|
| + | - submitter
|
| + | changes are:
|
| | - Add support to ReviewRequestManager.public() to query only reviews with a
|
| | local_site_name
|
| | - Queries without a local_site_name will show all review requests that
|
| | likewise have no associated site. Queries with a name will only show the
|
| | relevant items on the dashboard. |
| |
|
| | For these pages,
|
| | - comment_diff_fragments
|
| | - delete_screenshot
|
| | - diff
|
| | - diff_fragment
|
| | - preview_reply_email
|
| | - preview_review_email
|
| | - preview_review_request_email
|
| | - raw_diff
|
| | - review_draft_inline_form
|
| | - search
|
| | - view_screenshot
|
| | changes are:
|
| | - Look up the review request according to the common lookup logic that takes
|
| | into account the local_site_name and logged in user. |
| |
|
| | I've also updated these:
|
| | - ReviewRequest.get_absolute_url |
| |
|
| | Things left to do before this is ready:
|
| | - Fix other URLs
|
~ | | - Implement local_site namespacing for dashboard and other views
|
| ~ | - Implement local_site namespacing for dashboard view
|
| | - Test review_draft_inline_form view
|
| | - Test all_review_requests view
|
| | - Test diff view
|
| | - Test raw_diff view
|
| | - Test comment_diff_fragments view
|
| | - Test diff_fragment view
|
| | - Test preview_review_request_email view
|
| | - Test preview_review_email view
|
| | - Test preview_reply_email view
|
| | - Test delete_screenshot view
|
| | - Test view_screenshot view
|
~ | | - Test search view |
| ~ | - Test submitter_list view
|
| + | - Test group view
|
| + | - Test group_members view
|
| + | - Test submitter view
|
| + | - Test search view
|
| + | - Fix up any uses of Group.objects.get(name='...') to include local_site |