Disallow creating review requests against other users' changesets

Review Request #35 — Created May 28, 2007 and submitted

Information

Review Board SVN (deprecated)
trunk
35

Reviewers

At the moment, it's possible to create a review request against
any changeset (with the perforce backend).  If one person
creates a review against another person's changeset number, that
will then prevent the owning user from creating a request.

Since perforce changelists include usernames, it's not hard to
parse this out before we create anything in the database and
check it against the logged-in user.

Part of this change also fixes a bug in the "New Review Request"
form where the selected repository was not being marked as such
if there was an error.
Tried creating a review request against public.perforce.com with
a random change number and my local user ("david").  Got expected
error message.
chipx86
  1. Looks good. A few things, though.
  2. trunk/reviewboard/reviews/forms.py (Diff revision 2)
     
     
     
     
     
     
     
     
     
    We should probably check that there actually is a changeset username set to compare against. Right now we have Perforce support for this, but what about SVN/CVS?
    
    We also have a potential future issue where account usernames won't patch changeset usernames. At that point, we might want to provide some repository auth table with a foreign key to the repository, another to the user, and a username.
    1. You mean "match changeset usernames"?  I think for now,
      it's safe to assume that someone's perforce username
      will match their NIS/LDAP username.  We can cross that
      bridge later if anyone comes to it ;)
    2. Fair enough. Ship it.
  3. trunk/reviewboard/reviews/forms.py (Diff revision 2)
     
     
    "The selected file..." is nicer to read.
    
    Also, this does not end in a period, whereas the other error does.
  4. 
      
Loading...