Branch: refs/heads/2.9 Home: https://github.com/openSUSE/open-build-service Commit: ba8216e05828f093249e15be422b20e27cb4c0ea https://github.com/openSUSE/open-build-service/commit/ba8216e05828f093249e15... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-04 (Wed, 04 Jul 2018) Changed paths: M src/api/app/models/user.rb Log Message: ----------- [frontend] Add User#can_modify? method We have a couple of code pathes in OBS that operate on both, projects and packages. So we end up many times having to check whether we have to run a permission check on an a project or package. This commit adds a method that calls can_modify_package? or can_modify_project? depending on the given object class. Commit: 6cab8ae038e035c66bc794099a35045fbca30543 https://github.com/openSUSE/open-build-service/commit/6cab8ae038e035c66bc794... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-04 (Wed, 04 Jul 2018) Changed paths: M src/api/spec/factories/project.rb Log Message: ----------- [ci] Improve project factory * Allow adding a linked project to project factories * Use a valid project config xml file to store in the backend Co-authored-by: David Kang <dkang@suse.com> Commit: 0db39769ea40e8b7812448f0e2c21acf85a1317e https://github.com/openSUSE/open-build-service/commit/0db39769ea40e8b7812448... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-23 (Mon, 23 Jul 2018) Changed paths: M src/api/app/models/bs_request_action.rb A src/api/spec/cassettes/RequestController/_global_command_cmd_create_/requesting_creation_of_a_source_project_that_has_a_project_link_that_is_not_owned_by_the_requester/prohibits_creation_of_request.yml A src/api/spec/cassettes/Requests/decline/does_not_set_the_sourceupdate.yml M src/api/spec/factories/attribs.rb A src/api/spec/support/shared_contexts/a_bsrequest_that_has_a_project_link.rb Log Message: ----------- [frontend] Extend permission check for requests with projects with link When a source project links to another project and the request is using the sourceupdate option, we have to ensure that the requester has permissions to change the linked project. Kudos goes to @marcus-h (Marcus Hüwe) for finding this ugly bug. Co-authored-by: David Kang <dkang@suse.com> Commit: ba46422c863ad071aefddd5b44a23f78cce5dc31 https://github.com/openSUSE/open-build-service/commit/ba46422c863ad071aefddd... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-23 (Mon, 23 Jul 2018) Changed paths: A src/api/spec/controllers/request_controller_spec.rb Log Message: ----------- [ci] Add controller test for creating requests via API Add test case for bsc#1098934. Co-authored-by: David Kang <dkang@suse.com> Commit: 40d7c60b8c291bee867264732da7ce8e56ea30d9 https://github.com/openSUSE/open-build-service/commit/40d7c60b8c291bee867264... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-23 (Mon, 23 Jul 2018) Changed paths: M src/api/app/controllers/webui/request_controller.rb Log Message: ----------- [frontend] Ignore sourceupdate attrbibute for request forwarding Forwarded requests are made from projects that just have been updated. It doesn't make sense to update or clean them up once the forwarded request got updated. Commit: 9c5f51af1e3a923dab459f271581cd7d58144d84 https://github.com/openSUSE/open-build-service/commit/9c5f51af1e3a923dab459f... Author: Marcus Huewe <suse-tux@gmx.de> Date: 2018-07-23 (Mon, 23 Jul 2018) Changed paths: M src/api/app/models/bs_request_action_submit.rb Log Message: ----------- [frontend] Recheck permissions in the InitializeDevelPackage attribute codepath This is needed because the target package could have been deleted after the previous check_action_permission! call. Commit: 0e9ce6709e5745bb26f824d16c029c52d52e2937 https://github.com/openSUSE/open-build-service/commit/0e9ce6709e5745bb26f824... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: A ReleaseNotes-2.9.4 Log Message: ----------- Add release notes for 2.9.4 Commit: bc051893bae8f8cb331fee5d91f4b16eb99d7bcb https://github.com/openSUSE/open-build-service/commit/bc051893bae8f8cb331fee... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: M src/api/Gemfile.lock Log Message: ----------- [frontend] Update sprockets to version 3.7.2 This is needed to address CVE-2018-3760. https://groups.google.com/forum/#!topic/rubyonrails-security/ft_J--l55fM Commit: ba1b692293bdef5afd46b9904052ee5072bc85c5 https://github.com/openSUSE/open-build-service/commit/ba1b692293bdef5afd46b9... Author: Björn Geuken <bgeuken@suse.de> Date: 2018-07-24 (Tue, 24 Jul 2018) Changed paths: A ReleaseNotes-2.9.4 M src/api/Gemfile.lock M src/api/app/controllers/webui/request_controller.rb M src/api/app/models/bs_request_action.rb M src/api/app/models/bs_request_action_submit.rb M src/api/app/models/user.rb A src/api/spec/cassettes/RequestController/_global_command_cmd_create_/requesting_creation_of_a_source_project_that_has_a_project_link_that_is_not_owned_by_the_requester/prohibits_creation_of_request.yml A src/api/spec/cassettes/Requests/decline/does_not_set_the_sourceupdate.yml A src/api/spec/controllers/request_controller_spec.rb M src/api/spec/factories/attribs.rb M src/api/spec/factories/project.rb A src/api/spec/support/shared_contexts/a_bsrequest_that_has_a_project_link.rb Log Message: ----------- Merge pull request #5457 from bgeuken/fix_link_2_9 Fix link 2 9 Compare: https://github.com/openSUSE/open-build-service/compare/10f6b8fda18d...ba1b69... **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019.