Implement URL namspacing and permissions checking for the reviews app.
Review Request #1813 — Created Oct. 5, 2010 and submitted — Latest diff uploaded
Implement URL namspacing and permissions checking for the reviews app.
This change adds LocalSite URL namespacing and permissions checking to the
reviewboard.reviews app. The namespacing is achieved via an optional item in the
URL which is parsed out in the initial regex, which will then be passed as an
optional parameter to any views referenced in reviews/urls.py.
The views then read that local_site_name variable and react accordingly. The
details of what "accordingly" means depends on the view.
When looking up a review request via its ID, if a local site name is given, that
ID is used to query the local_id field instead of the pk. This also verifies
that if a local_site_name is not given, but the review request has one assigned,
that addressing it by its pk will return 403.
For the new_review_request page, changes are:
- If a local site name is given and the requesting user isn't logged in or
doesn't have access, this will return a 403.
- If a local site name is not given, the NewReviewRequestForm will filter the
list of repositories to include only those which do not have an associated
LocalSite object.
- If a local site name is given, the NewReviewRequestForm will filter the
list of repositories to include only those which have the given site name.
For the review_detail page ("View Reviews"), changes are:
- Look up the review request according to the common lookup logic that takes
into account the local_site_name and logged in user.
For these pages,
- all_review_requests
- submitter_list
- group
- group_members
- submitter
changes are:
- Add support to ReviewRequestManager.public() to query only reviews with a
local_site_name
- Queries without a local_site_name will show all review requests that
likewise have no associated site. Queries with a name will only show the
relevant items on the dashboard.
For these pages,
- comment_diff_fragments
- delete_screenshot
- diff
- diff_fragment
- preview_reply_email
- preview_review_email
- preview_review_request_email
- raw_diff
- review_draft_inline_form
- search
- view_screenshot
changes are:
- Look up the review request according to the common lookup logic that takes
into account the local_site_name and logged in user.
I've also updated these:
- ReviewRequest.get_absolute_url
- Screenshot.get_absolute_url
- Group.get_absolute_url
Things left to do before this is ready:
- Fix search form ACTION url
- Fix sidebar links on dashboard
- Fix the review number inline on the page to use local_id
- Tested new review request page, looking at both the bare state and local-site specific ones to make sure the repositories listed were restricted as appropriate. - Tested creating new review requests. Verified that the correct local_site was set (whether named or None) and that the local_id was set properly in ascending order. - Tested that the new review request redirected to the correct location after creating a request with a local_site. - Tested local_id addressing and permissions for review requests, with both local_site set and not. - Tested local_site namespacing for the various pages of the dashboard view. - Tested local_site namespacing for group_list view. - Tested local_site namespacing for watched groups dashboard view. - Tested diff_fragment view. - Tested diff view. - Tested group_members view for both global and site-specific groups. - Tested review_draft_inline_form view. - Tested submitter_list view for both global and site-specific URLs. - Tested group view for both global and site-specific groups (and 404). - Tested all_review_requests view for both global and site-specific URLs. - Tested raw_diff view - Tested preview_review_request_email view - Tested view_screenshot view - Tested submitter view - Tested custom SQL for local_id incrementing across different local sites - Tested comment_diff_fragments view - Tested preview_review_email view - Tested preview_reply_email view - Tested delete_screenshot view - Tested local-site filtering of search results - Ran unit tests.