Summary

Disallow creating review requests against other users' changesets

Review Request #35 — Created May 28, 2007 and submitted

Information

Owner

david

Repository

Review Board SVN (deprecated)

Branch

trunk

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

At the moment, it's possible to create a review request against
any changeset (with the perforce backend).  If one person
creates a review against another person's changeset number, that
will then prevent the owning user from creating a request.

Since perforce changelists include usernames, it's not hard to
parse this out before we create anything in the database and
check it against the logged-in user.

Part of this change also fixes a bug in the "New Review Request"
form where the selected repository was not being marked as such
if there was an error.

Testing Done

Tried creating a review request against public.perforce.com with
a random change number and my local user ("david").  Got expected
error message.

```
Looks good. A few things, though.
```

trunk/reviewboard/reviews/forms.py (Diff revision 2)

We should probably check that there actually is a changeset username set to compare against. Right now we have Perforce support for this, but what about SVN/CVS?

We also have a potential future issue where account usernames won't patch changeset usernames. At that point, we might want to provide some repository auth table with a foreign key to the repository, another to the user, and a username.

david May 28, 2007, 11:42 a.m.

You mean "match changeset usernames"?  I think for now,
it's safe to assume that someone's perforce username
will match their NIS/LDAP username.  We can cross that
bridge later if anyone comes to it ;)

chipx86 May 28, 2007, 11:52 a.m.
```
Fair enough. Ship it.
```

trunk/reviewboard/reviews/forms.py (Diff revision 2)

"The selected file..." is nicer to read.

Also, this does not end in a period, whereas the other error does.