@@ -633,7 +633,6 @@ def create_expand_package(packages, opts = {})
633633 def check_action_permission! ( skip_source = nil )
634634 # find objects if specified or report error
635635 role = nil
636- sprj = nil
637636 if person_name
638637 # validate user object
639638 User . not_deleted . find_by! ( login : person_name )
@@ -647,8 +646,19 @@ def check_action_permission!(skip_source = nil)
647646 role = Role . find_by_title! ( self . role )
648647 end
649648
649+ sprj = nil
650650 sprj = check_action_permission_source! unless skip_source
651- tprj = check_action_permission_target!
651+
652+ tprj = nil
653+ tprj = Project . get_by_name ( target_project ) if target_project # read authorization
654+
655+ check_target_project_obs_reject_requests_attribute
656+ check_target_project_maintenance_release_attribute
657+ check_target_project_scmsync
658+
659+ check_target_package_read_access
660+ check_target_package_obs_reject_requests_attribute
661+ check_target_package_scmsync
652662
653663 # Type specific checks
654664 if %i[ delete add_role set_bugowner ] . include? ( action_type )
@@ -946,46 +956,54 @@ def check_action_permission_source!
946956 sprj
947957 end
948958
949- def check_action_permission_target!
950- return unless target_project
959+ def check_target_project_maintenance_release_attribute
960+ nil # only checked in BsRequestActionSubmit...
961+ end
951962
952- tprj = Project . get_by_name ( target_project )
953- if tprj . is_a? ( Project )
954- if tprj . maintenance_release? && action_type == :submit &&
955- !tprj . find_attribute ( 'OBS' , 'AllowSubmitToMaintenanceRelease' )
956- raise SubmitRequestRejected , "The target project #{ target_project } is a maintenance release project, " \
957- 'a submit self is not possible, please use the maintenance workflow instead.'
958- end
963+ def check_target_project_scmsync
964+ return unless target_project_object
965+ return if target_project_object . scmsync . blank?
959966
960- if tprj . scmsync . present?
961- raise RequestRejected ,
962- "The target project #{ target_project } is managed in an external SCM: #{ tprj . scmsync } "
963- end
967+ raise RequestRejected , "The target project #{ target_project } is managed in an external SCM: #{ target_project_object . scmsync } "
968+ end
964969
965- a = tprj . find_attribute ( 'OBS' , 'RejectRequests' )
966- raise RequestRejected , "The target project #{ target_project } is not accepting requests because: #{ a . values . first . value } " if a && a . values . first && ( a . values . length < 2 || a . values . find_by_value ( action_type ) )
967- end
968- if target_package
969- if Package . exists_by_project_and_name ( target_project , target_package ) ||
970- action_type . in? ( %i[ delete change_devel add_role set_bugowner ] )
971- tpkg = Package . get_by_project_and_name ( target_project , target_package )
972- end
970+ def check_target_project_obs_reject_requests_attribute
971+ return unless target_project_object
973972
974- if defined? ( tpkg ) && tpkg
975- if tpkg . scmsync . present?
976- raise RequestRejected ,
977- "The target package #{ target_project } #{ target_package } is managed in an external SCM: #{ tpkg . scmsync } "
978- end
973+ obs_reject_requests_attribute = target_project_object . find_attribute ( 'OBS' , 'RejectRequests' )
974+ return unless obs_reject_requests_attribute
975+ return unless obs_reject_requests_attribute . values . first
976+ # FIXME: What's the significance of only one value? How do you reject only one action_type?
977+ return unless obs_reject_requests_attribute . values . length < 2 || obs_reject_requests_attribute . values . find_by_value ( action_type )
979978
980- a = tpkg . find_attribute ( 'OBS' , 'RejectRequests' )
981- if a && a . values . first && ( a . values . length < 2 || a . values . find_by_value ( action_type ) )
982- raise RequestRejected , "The target package #{ target_project } / #{ target_package } is not accepting " \
983- "requests because: #{ a . values . first . value } "
984- end
985- end
986- end
979+ raise RequestRejected , "The target project #{ target_project } is not accepting requests because: #{ obs_reject_requests_attribute . values . first . value } "
980+ end
981+
982+ def check_target_package_read_access
983+ return unless target_project && target_package
984+ return unless Package . exists_by_project_and_name ( target_project , target_package ) || action_type . in? ( %i[ delete change_devel add_role set_bugowner ] )
985+
986+ Package . get_by_project_and_name ( target_project , target_package )
987+ end
988+
989+ def check_target_package_obs_reject_requests_attribute
990+ return unless target_package_object
991+
992+ obs_reject_requests_attribute = target_package_object . find_attribute ( 'OBS' , 'RejectRequests' )
993+ return unless obs_reject_requests_attribute
994+ return unless obs_reject_requests_attribute . values . first
995+ # FIXME: What's the significance of only one value? How do you reject only one action_type?
996+ return unless obs_reject_requests_attribute . values . length < 2 || obs_reject_requests_attribute . values . find_by_value ( action_type )
997+
998+ raise RequestRejected , "The target package #{ target_project } / #{ target_package } is not accepting requests because: #{ obs_reject_requests_attribute . values . first . value } "
999+ end
1000+
1001+ def check_target_package_scmsync
1002+ return unless target_package_object
1003+ return if target_package_object . scmsync . blank?
1004+ return if action_type . in? ( %i[ delete change_devel add_role set_bugowner ] )
9871005
988- tprj
1006+ raise RequestRejected , "The target package #{ target_project } #{ target_package } is managed in an external SCM: #{ tpkg . scmsync } "
9891007 end
9901008
9911009 def check_permissions!
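Review bot: `check_target_package_scmsync` builds its rejection message from `tpkg.scmsync`, but the new method has no `tpkg` local; its guards use `target_package_object`. As written, a target package with scmsync set would presumably raise NameError rather than RequestRejected, so the request is still blocked but with an unhandled error instead of the intended rejection; the interpolation should read `#{target_package_object.scmsync}`. The added `return if action_type.in?(%i[delete change_devel add_role set_bugowner])` also skips the external-SCM check for action types that the removed `check_action_permission_target!` still rejected, which is a policy change and deserves a comment or a test if it is intended. `check_target_project_maintenance_release_attribute` is now a no-op in this class, so the maintenance-release restriction depends on an override in BsRequestActionSubmit that is not visible on this page.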