Branch: refs/heads/master Home: https://github.com/openSUSE/open-build-service Commit: b509e03c2eee6b39e0b6622de5201ad74fc305b5 https://github.com/openSUSE/open-build-service/commit/b509e03c2eee6b39e0b662... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/spec/factories/project.rb Log Message: ----------- [ci] Improve project factory * Allow adding a linked project to project factories * Use a valid project config xml file to store in the backend Co-authored-by: David Kang <dkang@suse.com> Commit: 15be5d2419387a14af2599d37810afd333291d02 https://github.com/openSUSE/open-build-service/commit/15be5d2419387a14af2599... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/app/models/bs_request_action.rb A src/api/spec/cassettes/BsRequest/_forward_to/with_a_project_as_parameter/does_not_set_the_sourceupdate.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set/1_11_1_4_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set_to_cleanup/1_11_1_1_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set_to_update/1_11_1_2_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_set_to_noupdate/1_11_1_3_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new_from_xml/1_11_2_1.yml A src/api/spec/cassettes/RequestController/_global_command_cmd_create_/requesting_creation_of_a_source_project_that_has_a_project_link_that_is_not_owned_by_the_requester/prohibits_creation_of_request.yml M src/api/spec/controllers/request_controller_spec.rb M src/api/spec/factories/attribs.rb M src/api/spec/models/bs_request_spec.rb A src/api/spec/support/shared_contexts/a_bsrequest_that_has_a_project_link.rb Log Message: ----------- [frontend] Extend permission check for requests with projects with link When a source project links to another project and the request is using the sourceupdate option, we have to ensure that the requester has permissions to change the linked project. Kudos goes to @marcus-h (Marcus Hüwe) for finding this ugly bug. Co-authored-by: David Kang <dkang@suse.com> Commit: 9aedb33c873f296ab7d3c04640f9e94973beb108 https://github.com/openSUSE/open-build-service/commit/9aedb33c873f296ab7d3c0... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/spec/controllers/request_controller_spec.rb Log Message: ----------- [ci] Make it more explicit that we test the request diff action Co-authored-by: David Kang <dkang@suse.com> Commit: c43e09d830dc7b7425050ccb0948e84757ab55b5 https://github.com/openSUSE/open-build-service/commit/c43e09d830dc7b7425050c... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/spec/controllers/request_controller_spec.rb Log Message: ----------- [ci] Add controller test for creating requests via API Add test case for bsc#1098934. Co-authored-by: David Kang <dkang@suse.com> Commit: 26d2bee94898754c97f9e753a618177c680e99eb https://github.com/openSUSE/open-build-service/commit/26d2bee94898754c97f9e7... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/app/controllers/webui/request_controller.rb M src/api/app/models/bs_request.rb M src/api/spec/cassettes/BsRequest/_forward_to/with_options/creates_a_submit_request_action_with_the_correct_target.yml A src/api/spec/cassettes/BsRequest/_forward_to/with_options/does_not_copy_the_sourceupdate_attribute.yml M src/api/spec/models/bs_request_spec.rb Log Message: ----------- [frontend] Ignore sourceupdate attrbibute for request forwarding Forwarded requests are made from projects that just have been updated. It doesn't make sense to update or clean them up once the forwarded request got updated. Commit: de2ca2880a3daf9dc6ac21329194c3ef2515a817 https://github.com/openSUSE/open-build-service/commit/de2ca2880a3daf9dc6ac21... Author: Marcus Huewe <suse-tux@gmx.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/app/models/bs_request_action_submit.rb Log Message: ----------- [frontend] Recheck permissions in the InitializeDevelPackage attribute codepath This is needed because the target package could have been deleted after the previous check_action_permission! call. Commit: f57b660f49f830006766a8d4abc3b4af6e178063 https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8... Author: Marcus Huewe <suse-tux@gmx.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/app/models/bs_request_action_submit.rb Log Message: ----------- Ignore a project link in BsRequestAction.check_action_permission! This makes sure that we check the permissions of the correct package. For instance, assume that the project "Staging" is a link project where the link points to the "Base" project. Also, assume that there exists a "Base/foo" package, but there exists no explicit "Staging/foo" package. Moreover, assume we check the permissions for the following "submit" action: <action type="submit"> <source project="Staging" package="foo"/> <target project="an_arbitrary_project" package="foo"/> </action> In this case, the old code checks if request acceptor can modify the "Base/foo" package (since it follows the project link). This is wrong because the "Staging/foo" package would be turned into a branch during accept. The new code checks the correct package because it does not follow the project link and requires that the source package exists in the source project. Requiring the existence of the source package potentially breaks artificial requests (for instance, a request where the "submit" action from above is preceded by a "submit" action that creates a "Staging/foo" package). Note: so far I was unable to exploit the old code - so this is just to avoid a potential future headache. Fixes: commit 990ef7ccc ("[api][webui] Check access to source package") Commit: 9e2cbcb47086281abc1030d227d9b648ba11168b https://github.com/openSUSE/open-build-service/commit/9e2cbcb47086281abc1030... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/app/controllers/webui/request_controller.rb M src/api/app/models/bs_request.rb M src/api/app/models/bs_request_action.rb M src/api/app/models/bs_request_action_submit.rb A src/api/spec/cassettes/BsRequest/_forward_to/with_a_project_as_parameter/does_not_set_the_sourceupdate.yml M src/api/spec/cassettes/BsRequest/_forward_to/with_options/creates_a_submit_request_action_with_the_correct_target.yml A src/api/spec/cassettes/BsRequest/_forward_to/with_options/does_not_copy_the_sourceupdate_attribute.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set/1_11_1_4_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set_to_cleanup/1_11_1_1_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_not_set_to_update/1_11_1_2_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new/when_sourceupdate_is_set_to_noupdate/1_11_1_3_1.yml A src/api/spec/cassettes/BsRequest/creating_a_BsRequest_that_has_a_project_link/via_new_from_xml/1_11_2_1.yml A src/api/spec/cassettes/RequestController/_global_command_cmd_create_/requesting_creation_of_a_source_project_that_has_a_project_link_that_is_not_owned_by_the_requester/prohibits_creation_of_request.yml M src/api/spec/controllers/request_controller_spec.rb M src/api/spec/factories/attribs.rb M src/api/spec/factories/project.rb M src/api/spec/models/bs_request_spec.rb A src/api/spec/support/shared_contexts/a_bsrequest_that_has_a_project_link.rb Log Message: ----------- Merge pull request #5456 from bgeuken/fix_link Fix link Compare: https://github.com/openSUSE/open-build-service/compare/9e02d3551915...9e2cbc... **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.