diff --git a/pagure/api/__init__.py b/pagure/api/__init__.py
index 0f006fe..0540acd 100644
--- a/pagure/api/__init__.py
+++ b/pagure/api/__init__.py
@@ -103,6 +103,7 @@ class APIERROR(enum.Enum):
'this action'
ENOSIGNEDOFF = 'This repo enforces that all commits are signed off ' \
'by their author.'
+ ETRACKERREADONLY = 'The issue tracker of this project is read-only'
def get_authorized_api_project(session, repo, user=None, namespace=None):
diff --git a/pagure/api/issue.py b/pagure/api/issue.py
index bf41220..765947e 100644
--- a/pagure/api/issue.py
+++ b/pagure/api/issue.py
@@ -64,6 +64,12 @@ def _check_issue_tracker(repo):
raise pagure.exceptions.APIError(
404, error_code=APIERROR.ETRACKERDISABLED)
+ # forbid all POST requests if the issue tracker is made read-only
+ if flask.request.method == 'POST' and \
+ repo.settings.get('issue_tracker_read_only', False):
+ raise pagure.exceptions.APIError(
+ 401, error_code=APIERROR.ETRACKERREADONLY)
+
def _check_token(repo, project_token=True):
"""Check if token is valid for the repo
diff --git a/pagure/decorators.py b/pagure/decorators.py
index a894eef..5e65215 100644
--- a/pagure/decorators.py
+++ b/pagure/decorators.py
@@ -26,6 +26,10 @@ def has_issue_tracker(function):
repo = flask.g.repo
if not repo.settings.get('issue_tracker', True):
flask.abort(404, 'No issue tracker found for this project')
+ # forbid all POST requests if the issue tracker is made read-only
+ if flask.request.method == 'POST' and \
+ repo.settings.get('issue_tracker_read_only', False):
+ flask.abort(401, 'The issue tracker for this project is read-only')
return function(*args, **kwargs)
return check_issue_tracker
diff --git a/pagure/lib/model.py b/pagure/lib/model.py
index 6d2de48..2d35c6c 100644
--- a/pagure/lib/model.py
+++ b/pagure/lib/model.py
@@ -546,6 +546,7 @@ class Project(BASE):
'roadmap_on_issues_page': False,
'notify_on_pull-request_flag': False,
'notify_on_commit_flag': False,
+ 'issue_tracker_read_only': False,
}
if self._settings:
diff --git a/pagure/templates/issue.html b/pagure/templates/issue.html
index 1bfd757..d0dec58 100644
--- a/pagure/templates/issue.html
+++ b/pagure/templates/issue.html
@@ -80,7 +80,7 @@ namespace=repo.namespace, repo=repo.name, issueid=issueid)
+ {% elif g.authenticated and form and repo.settings.get('issue_tracker_read_only', False) %}
+
+ This issue tracker is read-only.
+
{% else %}
Login
@@ -203,7 +207,8 @@ namespace=repo.namespace, repo=repo.name, issueid=issueid)
unassigned
{% endif %}
{% if g.authenticated and g.repo_user and issue.status|lower == 'open'
- and (not issue.assignee or issue.assignee.username != g.fas_user.username) %}
+ and (not issue.assignee or issue.assignee.username != g.fas_user.username)
+ and not repo.settings.get('issue_tracker_read_only', False) %}
Take
@@ -324,7 +329,8 @@ namespace=repo.namespace, repo=repo.name, issueid=issueid)
Cancel
- {% if g.authenticated and (g.repo_user or g.fas_user.username == issue.user.user) %}
+ {% if g.authenticated and (g.repo_user or g.fas_user.username == issue.user.user)
+ and not repo.settings.get('issue_tracker_read_only', False) %}
Edit Metadata
@@ -439,7 +445,7 @@ namespace=repo.namespace, repo=repo.name, issueid=issueid)
cancel
- {% if g.authenticated and g.repo_user %}
+ {% if g.authenticated and g.repo_user and not repo.settings.get('issue_tracker_read_only', False) %}
Edit Metadata
diff --git a/pagure/templates/repo_master.html b/pagure/templates/repo_master.html
index c9bce25..e817f5f 100644
--- a/pagure/templates/repo_master.html
+++ b/pagure/templates/repo_master.html
@@ -63,7 +63,8 @@
diff --git a/tests/test_pagure_flask_api_group.py b/tests/test_pagure_flask_api_group.py
index f6a793e..b1b6bf6 100644
--- a/tests/test_pagure_flask_api_group.py
+++ b/tests/test_pagure_flask_api_group.py
@@ -321,6 +321,7 @@ class PagureFlaskApiGroupTests(tests.SimplePagureTest):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
@@ -418,6 +419,7 @@ class PagureFlaskApiGroupTests(tests.SimplePagureTest):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
@@ -508,6 +510,7 @@ class PagureFlaskApiGroupTests(tests.SimplePagureTest):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
diff --git a/tests/test_pagure_flask_api_user.py b/tests/test_pagure_flask_api_user.py
index cc7d454..e16a723 100644
--- a/tests/test_pagure_flask_api_user.py
+++ b/tests/test_pagure_flask_api_user.py
@@ -132,6 +132,7 @@ class PagureFlaskApiUSertests(tests.Modeltests):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
@@ -185,6 +186,7 @@ class PagureFlaskApiUSertests(tests.Modeltests):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
@@ -237,6 +239,7 @@ class PagureFlaskApiUSertests(tests.Modeltests):
"always_merge": False,
"fedmsg_notifications": True,
"issue_tracker": True,
+ "issue_tracker_read_only": False,
"issues_default_to_private": False,
"notify_on_commit_flag": False,
"notify_on_pull-request_flag": False,
diff --git a/tests/test_pagure_flask_ui_issues_read_only.py b/tests/test_pagure_flask_ui_issues_read_only.py
new file mode 100644
index 0000000..689324d
--- /dev/null
+++ b/tests/test_pagure_flask_ui_issues_read_only.py
@@ -0,0 +1,370 @@
+# -*- coding: utf-8 -*-
+
+"""
+ (c) 2018 - Copyright Red Hat Inc
+
+ Authors:
+ Pierre-Yves Chibon
+
+"""
+
+from __future__ import unicode_literals
+
+import json
+import unittest
+import sys
+import os
+
+from mock import patch, MagicMock
+
+sys.path.insert(0, os.path.join(os.path.dirname(
+ os.path.abspath(__file__)), '..'))
+
+import pagure # noqa
+import pagure.lib # noqa
+import tests # noqa
+
+
+class PagureFlaskIssuesReadOnlytests(tests.Modeltests):
+ """ Tests for flask issues controller of pagure with read-only tickets
+ """
+
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
+ def setUp(self):
+ """ Set up the environnment, ran before every tests. """
+ super(PagureFlaskIssuesReadOnlytests, self).setUp()
+
+ tests.create_projects(self.session)
+ tests.create_projects_git(os.path.join(self.path, 'repos'))
+
+ # Make the project's issue tracker read-only
+ repo = pagure.lib.get_authorized_project(self.session, 'test')
+ settings = repo.settings
+ settings['issue_tracker_read_only'] = True
+ repo.settings = settings
+ self.session.add(repo)
+ self.session.commit()
+
+ # Create a couple of issue
+ msg = pagure.lib.new_issue(
+ session=self.session,
+ repo=repo,
+ title='Test issue #1',
+ content='We should work on this for the second time',
+ user='foo',
+ status='Open',
+ private=True,
+ ticketfolder=None
+ )
+ self.session.commit()
+ self.assertEqual(msg.title, 'Test issue #1')
+
+ msg = pagure.lib.new_issue(
+ session=self.session,
+ repo=repo,
+ title='Test issue #2',
+ content='We should work on this for the second time',
+ user='foo',
+ status='Open',
+ private=False,
+ ticketfolder=None
+ )
+ self.session.commit()
+ self.assertEqual(msg.title, 'Test issue #2')
+
+ def test_issue_list_authenticated_commit(self):
+ """ Test the list of issues when user is authenticated and has
+ access to the project.
+ """
+
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.get('/test/issues')
+ self.assertEqual(output.status_code, 200)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Issues - test - Pagure ', output_text)
+ self.assertIn(
+ '\n 2 Open Issues', output_text)
+
+ def test_field_comment(self):
+ """ Test if the field commit is present on the issue page.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.get('/test/issue/1')
+ self.assertEqual(output.status_code, 200)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Issue #1: Test issue #1 - test - Pagure ',
+ output_text)
+ self.assertNotIn(
+ 'value="Update Issue" title="Comment and Update Metadata" '
+ 'tabindex=2 />', output_text)
+ self.assertIn(
+ 'This issue tracker is read-only.', output_text)
+
+ def test_update_ticket(self):
+ """ Test updating a ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post(
+ '/test/issue/1/update', data={}, follow_redirects=True)
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ ' The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_edit_comment(self):
+ """ Test editing a comment from a ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post(
+ '/test/issue/1/comment/1/edit', data={},
+ follow_redirects=True)
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_edit_ticket(self):
+ """ Test editing a ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post(
+ '/test/issue/1/edit', data={}, follow_redirects=True)
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_edit_tag(self):
+ """ Test editing a ticket tag.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/tag/tag1/edit', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_update_tags(self):
+ """ Test updating a ticket tag.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/update/tags', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_drop_tags(self):
+ """ Test dropping a ticket tag.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/droptag/', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_new_issue(self):
+ """ Test creating a new ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/new_issue/', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_deleting_issue(self):
+ """ Test deleting a new ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/issue/1/drop', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+ def test_uploading_to_issue(self):
+ """ Test uploading to a new ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/test/issue/1/upload', data={})
+ self.assertEqual(output.status_code, 401)
+ output_text = output.get_data(as_text=True)
+ self.assertIn(
+ 'Unauthorized :\'( - Pagure ', output_text)
+ self.assertIn(
+ 'The issue tracker for this project is read-only
',
+ output_text)
+
+
+class PagureFlaskAPIIssuesReadOnlytests(PagureFlaskIssuesReadOnlytests):
+ """ Tests for flask API issues controller of pagure with read-only tickets
+ """
+
+ @patch('pagure.lib.notify.send_email', MagicMock(return_value=True))
+ def setUp(self):
+ """ Set up the environnment, ran before every tests. """
+ super(PagureFlaskAPIIssuesReadOnlytests, self).setUp()
+
+ def test_api_new_issue(self):
+ """ Test creating a new ticket.
+ """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/new_issue', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_change_status_issue(self):
+ """ Test closing a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/status', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_change_milestone_issue(self):
+ """ Test change the milestone of a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/milestone', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_comment_issue(self):
+ """ Test comment on a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/comment', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_assign_issue(self):
+ """ Test assigning a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/assign', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_subscribe_issue(self):
+ """ Test subscribing to a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/subscribe', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_update_custom_field(self):
+ """ Test updating a specific custom fields on a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/custom/foo', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+ def test_api_update_custom_fields(self):
+ """ Test updating custom fields on a ticket. """
+ user = tests.FakeUser(username='pingou')
+ with tests.user_set(self.app.application, user):
+ output = self.app.post('/api/0/test/issue/1/custom', data={})
+ self.assertEqual(output.status_code, 401)
+ data = json.loads(output.get_data(as_text=True))
+ self.assertEqual(
+ data,
+ {
+ u'error': u'The issue tracker of this project is read-only',
+ u'error_code': u'ETRACKERREADONLY'
+ }
+ )
+
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
diff --git a/tests/test_pagure_lib_git.py b/tests/test_pagure_lib_git.py
index 1892b8a..82dffd0 100644
--- a/tests/test_pagure_lib_git.py
+++ b/tests/test_pagure_lib_git.py
@@ -1853,7 +1853,7 @@ new file mode 100644
index 0000000..60f7480
--- /dev/null
+++ b/456
-@@ -0,0 +1,139 @@
+@@ -0,0 +1,141 @@
+{
+ "assignee": null,
+ "branch": "master",
@@ -1902,6 +1902,7 @@ index 0000000..60f7480
+ "always_merge": false,
+ "fedmsg_notifications": true,
+ "issue_tracker": true,
++ "issue_tracker_read_only": false,
+ "issues_default_to_private": false,
+ "notify_on_commit_flag": false,
+ "notify_on_pull-request_flag": false,
@@ -1958,6 +1959,7 @@ index 0000000..60f7480
+ "always_merge": false,
+ "fedmsg_notifications": true,
+ "issue_tracker": true,
++ "issue_tracker_read_only": false,
+ "issues_default_to_private": false,
+ "notify_on_commit_flag": false,
+ "notify_on_pull-request_flag": false,