Branch: refs/heads/master
Home: https://github.com/openSUSE/open-build-service
Commit: 09efb5ba1ce88597a1759b1212147a0874127a49
https://github.com/openSUSE/open-build-service/commit/09efb5ba1ce88597a1759b...
Author: Lukas Krause
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M src/api/app/controllers/webui/users_controller.rb
M src/api/app/policies/webui/user_policy.rb
Log Message:
-----------
Move user update authorization to pundit policy
This moves the authorization of updating a user to pundit and
separates the authorization logic for blocking users from commenting.
The reasoning is that it got a little confusing.
The previous authorization condition in the case of submitting
the form to block a user from commenting, was checking for the presence
of the `:blocked_for_commenting` parameter and that the user
is a moderator.
The problem is, you could potentially sneak in more parameters and
the authorization would still be truthy and therefore update other user
attributes. To prevent this from happening we strictly should only
toggle the `:blocked_from_commenting` column and ignore all other
attributes.
Commit: b1a2fd84b4684fdeb9fd133ee500381775b948c3
https://github.com/openSUSE/open-build-service/commit/b1a2fd84b4684fdeb9fd13...
Author: Lukas Krause
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M src/api/spec/policies/webui/user_policy_spec.rb
Log Message:
-----------
Create specs for `#update?` and `#block_commenting?` user policies
Commit: 50e26375fef6bc68f84457185e95327160d2da7d
https://github.com/openSUSE/open-build-service/commit/50e26375fef6bc68f84457...
Author: Lukas Krause
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M src/api/app/controllers/webui/users_controller.rb
Log Message:
-----------
Remove redundant condition from users controller update
This is already checked in the pundit policy. No need to do this twice.
Commit: 860be2f472ec6848a7efb7d38b0b867f025aaef2
https://github.com/openSUSE/open-build-service/commit/860be2f472ec6848a7efb7...
Author: Lukas Krause
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M src/api/spec/controllers/webui/users_controller_spec.rb
Log Message:
-----------
Adapt users controller spec
Commit: 6312cd6c403790c5cebf49cc4bc64c4c452b511a
https://github.com/openSUSE/open-build-service/commit/6312cd6c403790c5cebf49...
Author: Lukas Krause
Date: 2024-03-04 (Mon, 04 Mar 2024)
Changed paths:
M src/api/app/controllers/webui/users_controller.rb
M src/api/app/policies/webui/user_policy.rb
M src/api/spec/controllers/webui/users_controller_spec.rb
M src/api/spec/policies/webui/user_policy_spec.rb
Log Message:
-----------
Merge pull request #15702 from krauselukas/move_user_update_authorization_to_pundit
Move user update authorization to pundit
Compare: https://github.com/openSUSE/open-build-service/compare/3e7b666fddb0...6312cd...
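The authorization flaw described in the log message of commit 09efb5ba, as an added example in plain Ruby (no Rails or Pundit) that is not code from the open-build-service repository. `User`, `update_unsafe`, `update_safe`, `PROFILE_FIELDS` and the sample values are assumptions made for illustration; the project's controller and policy are not shown on this page.

```ruby
# Hypothetical user record; field names other than blocked_from_commenting are assumed.
User = Struct.new(:login, :email, :blocked_from_commenting, :moderator, :admin,
                  keyword_init: true)

# "Before": one combined condition. The mere presence of the block flag plus the
# moderator role authorizes the request, and then every submitted attribute is written.
def update_unsafe(actor, target, params)
  allowed = actor.admin || actor.equal?(target) ||
            (params.key?(:blocked_from_commenting) && actor.moderator)
  return false unless allowed

  params.each { |key, value| target[key] = value }
  true
end

# "After": two separate decisions, in the spirit of update? and block_commenting?.
def can_update?(actor, target)
  actor.admin || actor.equal?(target)
end

def can_block_commenting?(actor)
  actor.admin || actor.moderator
end

PROFILE_FIELDS = %i[email].freeze # hypothetical allow-list for a normal update

def update_safe(actor, target, params)
  if params.key?(:blocked_from_commenting)
    return false unless can_block_commenting?(actor)

    # Toggle only this one column; every other submitted attribute is ignored.
    target.blocked_from_commenting = params[:blocked_from_commenting] == true
    return true
  end
  return false unless can_update?(actor, target)

  params.slice(*PROFILE_FIELDS).each { |key, value| target[key] = value }
  true
end

# Constructed request: a moderator submits the block form with an extra attribute.
def demo(handler)
  moderator = User.new(login: "mod", email: "mod@example.test", moderator: true)
  target = User.new(login: "alice", email: "alice@example.test", blocked_from_commenting: false)
  request = { blocked_from_commenting: true, email: "changed@example.test" }
  send(handler, moderator, target, request)
  target
end
```

`demo(:update_unsafe)` returns a target whose email was overwritten by the moderator's request, while `demo(:update_safe)` returns one where only `blocked_from_commenting` changed.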