[openSUSE/open-build-service] 9177f0: Authorize comment `#create` api endpoint
![](https://seccdn.libravatar.org/avatar/9181eb84f9c35729a3bad740fb7f9d93.jpg?s=120&d=mm&r=g)
Branch: refs/heads/master Home: https://github.com/openSUSE/open-build-service Commit: 9177f0c5929a0670fe28acc853c289f24b397651 https://github.com/openSUSE/open-build-service/commit/9177f0c5929a0670fe28ac... Author: Lukas Krause <lkrause@suse.de> Date: 2024-03-07 (Thu, 07 Mar 2024) Changed paths: M src/api/app/controllers/comments_controller.rb Log Message: ----------- Authorize comment `#create` api endpoint Currently there is not authorization going on, in some cases the `CommentLockingValidator` still prevents comments from being created if permission is insufficient in certain cases. But some things are not handled, for example when a user is blocked for commenting. This should be handled on the controller level using our pundit policy. Commit: 414dd480399720448795c03efd7f9d0aa0033ae7 https://github.com/openSUSE/open-build-service/commit/414dd480399720448795c0... Author: Lukas Krause <lkrause@suse.de> Date: 2024-03-07 (Thu, 07 Mar 2024) Changed paths: M src/api/spec/policies/comment_policy_spec.rb Log Message: ----------- Create specs for comment `create?` pundit policy Commit: 31a1c845d0b846c5f9f761560c2f6de8c37dbe7e https://github.com/openSUSE/open-build-service/commit/31a1c845d0b846c5f9f761... Author: Lukas Krause <lkrause@suse.de> Date: 2024-03-13 (Wed, 13 Mar 2024) Changed paths: M src/api/app/controllers/comments_controller.rb M src/api/spec/policies/comment_policy_spec.rb Log Message: ----------- Merge pull request #15667 from krauselukas/authorize_create_comment_endpoint Authorize comment `#create` api endpoint Compare: https://github.com/openSUSE/open-build-service/compare/b192f9650ff4...31a1c8... To unsubscribe from these emails, change your notification settings at https://github.com/openSUSE/open-build-service/settings/notifications
participants (1)
-
Lukas Krause