diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py index 0237880..ca699e6 100644 --- a/pagure/lib/__init__.py +++ b/pagure/lib/__init__.py @@ -2097,7 +2097,13 @@ def get_project(session, name, user=None, namespace=None): model.Project.is_fork == False ) - return query.first() + project = query.first() + + if project and is_repo_admin: + if project.private and not is_repo_admin(project): + return None + + return project def search_issues( diff --git a/pagure/ui/fork.py b/pagure/ui/fork.py index 99b1779..bdada35 100644 --- a/pagure/ui/fork.py +++ b/pagure/ui/fork.py @@ -260,9 +260,6 @@ def request_pull_patch(repo, requestid, username=None, namespace=None): """ repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -353,9 +350,6 @@ def request_pull_edit(repo, requestid, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -430,9 +424,6 @@ def pull_request_add_comment( """ repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -528,8 +519,8 @@ def pull_request_drop_comment( """ repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') + if not repo: + flask.abort(404, 'Project not found') if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -603,9 +594,6 @@ def pull_request_edit_comment( project = flask.g.repo - if project.private and not is_repo_admin(project): - flask.abort(401, 'Forbidden') - if not project.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -706,9 +694,6 @@ def merge_request_pull(repo, requestid, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-requests found for this project') @@ -840,9 +825,6 @@ def set_assignee_requests(repo, requestid, username=None, namespace=None): ''' Assign a pull-request. ''' repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-request allowed on this project') @@ -973,9 +955,6 @@ def new_request_pull( repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - parent = repo if repo.parent: parent = repo.parent @@ -1128,9 +1107,6 @@ def new_remote_request_pull(repo, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('pull_requests', True): flask.abort(404, 'No pull-request allowed on this project') diff --git a/pagure/ui/issues.py b/pagure/ui/issues.py index c52f290..e90937b 100644 --- a/pagure/ui/issues.py +++ b/pagure/ui/issues.py @@ -73,9 +73,6 @@ def update_issue(repo, issueid, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if flask.request.method == 'GET': if not is_js: flask.flash('Invalid method: GET', 'error') @@ -628,9 +625,6 @@ def view_issues(repo, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -765,9 +759,6 @@ def view_roadmap(repo, username=None, namespace=None): repo = flask.g.repo - if repo.private and is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -886,9 +877,6 @@ def new_issue(repo, username=None, namespace=None): """ repo = flask.g.repo - if repo.private and is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1012,9 +1000,6 @@ def view_issue(repo, issueid, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1079,9 +1064,6 @@ def delete_issue(repo, issueid, username=None, namespace=None): repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1140,9 +1122,6 @@ def edit_issue(repo, issueid, username=None, namespace=None): """ repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1268,9 +1247,6 @@ def upload_issue(repo, issueid, username=None, namespace=None): ''' repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1336,9 +1312,6 @@ def view_issue_raw_file( repo = flask.g.repo - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - if not repo.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') @@ -1426,9 +1399,6 @@ def edit_comment_issue( project = flask.g.repo - if project.private and not is_repo_admin(project): - flask.abort(401, 'Forbidden') - if not project.settings.get('issue_tracker', True): flask.abort(404, 'No issue tracker found for this project') diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py index 8df21a8..64a02be 100644 --- a/pagure/ui/repo.py +++ b/pagure/ui/repo.py @@ -80,18 +80,6 @@ def view_repo(repo, username=None, namespace=None): repo_db = flask.g.repo repo_obj = flask.g.repo_obj - repo = pagure.lib.get_project(SESSION, repo, user=username) - - if not repo: - flask.abort(404, 'Project not found') - - if repo.private and not is_repo_admin(repo): - flask.abort(401, 'Forbidden') - - reponame = pagure.get_repo_path(repo) - - repo_obj = pygit2.Repository(reponame) - if not repo_obj.is_empty and not repo_obj.head_is_unborn: head = repo_obj.head.shorthand else: diff --git a/tests/test_pagure_private_repo.py b/tests/test_pagure_private_repo.py index 61d0d9f..661c43e 100644 --- a/tests/test_pagure_private_repo.py +++ b/tests/test_pagure_private_repo.py @@ -21,7 +21,6 @@ import pagure.lib import tests from pagure.lib.repo import PagureRepo - class PagurePrivateRepotest(tests.Modeltests): """ Tests for private repo in pagure """ @@ -479,7 +478,7 @@ class PagurePrivateRepotest(tests.Modeltests): user = tests.FakeUser() with tests.user_set(pagure.APP, user): output = self.app.get('/pmc/pull-requests') - self.assertEqual(output.status_code, 401) + self.assertEqual(output.status_code, 404) user = tests.FakeUser(username='pingou') with tests.user_set(pagure.APP, user): @@ -519,7 +518,7 @@ class PagurePrivateRepotest(tests.Modeltests): # Check if the private repo issues are publicly accesible output = self.app.get('/test4/issues') - self.assertEqual(output.status_code, 401) + self.assertEqual(output.status_code, 404) # Create issues to play with repo = pagure.lib.get_project(self.session, 'test4') @@ -539,11 +538,11 @@ class PagurePrivateRepotest(tests.Modeltests): # Whole list output = self.app.get('/test4/issues') - self.assertEqual(output.status_code, 401) + self.assertEqual(output.status_code, 404) # Check single issue output = self.app.get('/test4/issue/1') - self.assertEqual(output.status_code, 401) + self.assertEqual(output.status_code, 404) user = tests.FakeUser(username='pingou') with tests.user_set(pagure.APP, user):