mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.
This commit is contained in:
		| @@ -4,6 +4,7 @@ | |||||||
| package repo | package repo | ||||||
|  |  | ||||||
| import ( | import ( | ||||||
|  | 	"errors" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	"net/http" | 	"net/http" | ||||||
| 	"strings" | 	"strings" | ||||||
| @@ -372,7 +373,11 @@ func CreatePullReview(ctx *context.APIContext) { | |||||||
| 	// create review and associate all pending review comments | 	// create review and associate all pending review comments | ||||||
| 	review, _, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, opts.CommitID, nil) | 	review, _, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, opts.CommitID, nil) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
|  | 		if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) { | ||||||
|  | 			ctx.Error(http.StatusUnprocessableEntity, "", err) | ||||||
|  | 		} else { | ||||||
| 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err) | 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| @@ -460,7 +465,11 @@ func SubmitPullReview(ctx *context.APIContext) { | |||||||
| 	// create review and associate all pending review comments | 	// create review and associate all pending review comments | ||||||
| 	review, _, err = pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, headCommitID, nil) | 	review, _, err = pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, headCommitID, nil) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
|  | 		if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) { | ||||||
|  | 			ctx.Error(http.StatusUnprocessableEntity, "", err) | ||||||
|  | 		} else { | ||||||
| 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err) | 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|   | |||||||
| @@ -264,6 +264,8 @@ func SubmitReview(ctx *context.Context) { | |||||||
| 		if issues_model.IsContentEmptyErr(err) { | 		if issues_model.IsContentEmptyErr(err) { | ||||||
| 			ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty")) | 			ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty")) | ||||||
| 			ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) | 			ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index)) | ||||||
|  | 		} else if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) { | ||||||
|  | 			ctx.Status(http.StatusUnprocessableEntity) | ||||||
| 		} else { | 		} else { | ||||||
| 			ctx.ServerError("SubmitReview", err) | 			ctx.ServerError("SubmitReview", err) | ||||||
| 		} | 		} | ||||||
|   | |||||||
| @@ -6,6 +6,7 @@ package pull | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
|  | 	"errors" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	"io" | 	"io" | ||||||
| 	"regexp" | 	"regexp" | ||||||
| @@ -43,6 +44,9 @@ func (err ErrDismissRequestOnClosedPR) Unwrap() error { | |||||||
| 	return util.ErrPermissionDenied | 	return util.ErrPermissionDenied | ||||||
| } | } | ||||||
|  |  | ||||||
|  | // ErrSubmitReviewOnClosedPR represents an error when an user tries to submit an approve or reject review associated to a closed or merged PR. | ||||||
|  | var ErrSubmitReviewOnClosedPR = errors.New("can't submit review for a closed or merged PR") | ||||||
|  |  | ||||||
| // checkInvalidation checks if the line of code comment got changed by another commit. | // checkInvalidation checks if the line of code comment got changed by another commit. | ||||||
| // If the line got changed the comment is going to be invalidated. | // If the line got changed the comment is going to be invalidated. | ||||||
| func checkInvalidation(ctx context.Context, c *issues_model.Comment, doer *user_model.User, repo *git.Repository, branch string) error { | func checkInvalidation(ctx context.Context, c *issues_model.Comment, doer *user_model.User, repo *git.Repository, branch string) error { | ||||||
| @@ -293,6 +297,10 @@ func SubmitReview(ctx context.Context, doer *user_model.User, gitRepo *git.Repos | |||||||
| 	if reviewType != issues_model.ReviewTypeApprove && reviewType != issues_model.ReviewTypeReject { | 	if reviewType != issues_model.ReviewTypeApprove && reviewType != issues_model.ReviewTypeReject { | ||||||
| 		stale = false | 		stale = false | ||||||
| 	} else { | 	} else { | ||||||
|  | 		if issue.IsClosed { | ||||||
|  | 			return nil, nil, ErrSubmitReviewOnClosedPR | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		headCommitID, err := gitRepo.GetRefCommitID(pr.GetGitRefName()) | 		headCommitID, err := gitRepo.GetRefCommitID(pr.GetGitRefName()) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return nil, nil, err | 			return nil, nil, err | ||||||
|   | |||||||
| @@ -30,6 +30,7 @@ | |||||||
| 				{{end}} | 				{{end}} | ||||||
| 				<div class="divider"></div> | 				<div class="divider"></div> | ||||||
| 				{{$showSelfTooltip := (and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID))}} | 				{{$showSelfTooltip := (and $.IsSigned ($.Issue.IsPoster $.SignedUser.ID))}} | ||||||
|  | 				{{if not $.Issue.IsClosed}} | ||||||
| 					{{if $showSelfTooltip}} | 					{{if $showSelfTooltip}} | ||||||
| 						<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_approve"}}"> | 						<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_approve"}}"> | ||||||
| 							<button type="submit" name="type" value="approve" disabled class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button> | 							<button type="submit" name="type" value="approve" disabled class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button> | ||||||
| @@ -37,7 +38,9 @@ | |||||||
| 					{{else}} | 					{{else}} | ||||||
| 						<button type="submit" name="type" value="approve" class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button> | 						<button type="submit" name="type" value="approve" class="ui submit primary tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.approve"}}</button> | ||||||
| 					{{end}} | 					{{end}} | ||||||
|  | 				{{end}} | ||||||
| 				<button type="submit" name="type" value="comment" class="ui submit tiny basic button btn-submit">{{ctx.Locale.Tr "repo.diff.review.comment"}}</button> | 				<button type="submit" name="type" value="comment" class="ui submit tiny basic button btn-submit">{{ctx.Locale.Tr "repo.diff.review.comment"}}</button> | ||||||
|  | 				{{if not $.Issue.IsClosed}} | ||||||
| 					{{if $showSelfTooltip}} | 					{{if $showSelfTooltip}} | ||||||
| 						<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_reject"}}"> | 						<span class="tw-inline-block" data-tooltip-content="{{ctx.Locale.Tr "repo.diff.review.self_reject"}}"> | ||||||
| 							<button type="submit" name="type" value="reject" disabled class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button> | 							<button type="submit" name="type" value="reject" disabled class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button> | ||||||
| @@ -45,6 +48,7 @@ | |||||||
| 					{{else}} | 					{{else}} | ||||||
| 						<button type="submit" name="type" value="reject" class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button> | 						<button type="submit" name="type" value="reject" class="ui submit red tiny button btn-submit">{{ctx.Locale.Tr "repo.diff.review.reject"}}</button> | ||||||
| 					{{end}} | 					{{end}} | ||||||
|  | 				{{end}} | ||||||
| 			</form> | 			</form> | ||||||
| 		</div> | 		</div> | ||||||
| 	</div> | 	</div> | ||||||
|   | |||||||
| @@ -5,12 +5,15 @@ package integration | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"net/http" | 	"net/http" | ||||||
|  | 	"net/http/httptest" | ||||||
| 	"net/url" | 	"net/url" | ||||||
|  | 	"path" | ||||||
| 	"strings" | 	"strings" | ||||||
| 	"testing" | 	"testing" | ||||||
|  |  | ||||||
| 	"code.gitea.io/gitea/models/db" | 	"code.gitea.io/gitea/models/db" | ||||||
| 	issues_model "code.gitea.io/gitea/models/issues" | 	issues_model "code.gitea.io/gitea/models/issues" | ||||||
|  | 	repo_model "code.gitea.io/gitea/models/repo" | ||||||
| 	"code.gitea.io/gitea/models/unittest" | 	"code.gitea.io/gitea/models/unittest" | ||||||
| 	user_model "code.gitea.io/gitea/models/user" | 	user_model "code.gitea.io/gitea/models/user" | ||||||
| 	"code.gitea.io/gitea/modules/git" | 	"code.gitea.io/gitea/modules/git" | ||||||
| @@ -176,3 +179,82 @@ func TestPullView_CodeOwner(t *testing.T) { | |||||||
| 		}) | 		}) | ||||||
| 	}) | 	}) | ||||||
| } | } | ||||||
|  |  | ||||||
|  | func TestPullView_GivenApproveOrRejectReviewOnClosedPR(t *testing.T) { | ||||||
|  | 	onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) { | ||||||
|  | 		user1Session := loginUser(t, "user1") | ||||||
|  | 		user2Session := loginUser(t, "user2") | ||||||
|  |  | ||||||
|  | 		// Have user1 create a fork of repo1. | ||||||
|  | 		testRepoFork(t, user1Session, "user2", "repo1", "user1", "repo1") | ||||||
|  |  | ||||||
|  | 		t.Run("Submit approve/reject review on merged PR", func(t *testing.T) { | ||||||
|  | 			// Create a merged PR (made by user1) in the upstream repo1. | ||||||
|  | 			testEditFile(t, user1Session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n") | ||||||
|  | 			resp := testPullCreate(t, user1Session, "user1", "repo1", false, "master", "master", "This is a pull title") | ||||||
|  | 			elem := strings.Split(test.RedirectURL(resp), "/") | ||||||
|  | 			assert.EqualValues(t, "pulls", elem[3]) | ||||||
|  | 			testPullMerge(t, user1Session, elem[1], elem[2], elem[4], repo_model.MergeStyleMerge, false) | ||||||
|  |  | ||||||
|  | 			// Grab the CSRF token. | ||||||
|  | 			req := NewRequest(t, "GET", path.Join(elem[1], elem[2], "pulls", elem[4])) | ||||||
|  | 			resp = user2Session.MakeRequest(t, req, http.StatusOK) | ||||||
|  | 			htmlDoc := NewHTMLParser(t, resp.Body) | ||||||
|  |  | ||||||
|  | 			// Submit an approve review on the PR. | ||||||
|  | 			testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "approve", http.StatusUnprocessableEntity) | ||||||
|  |  | ||||||
|  | 			// Submit a reject review on the PR. | ||||||
|  | 			testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "reject", http.StatusUnprocessableEntity) | ||||||
|  | 		}) | ||||||
|  |  | ||||||
|  | 		t.Run("Submit approve/reject review on closed PR", func(t *testing.T) { | ||||||
|  | 			// Created a closed PR (made by user1) in the upstream repo1. | ||||||
|  | 			testEditFileToNewBranch(t, user1Session, "user1", "repo1", "master", "a-test-branch", "README.md", "Hello, World (Editied...again)\n") | ||||||
|  | 			resp := testPullCreate(t, user1Session, "user1", "repo1", false, "master", "a-test-branch", "This is a pull title") | ||||||
|  | 			elem := strings.Split(test.RedirectURL(resp), "/") | ||||||
|  | 			assert.EqualValues(t, "pulls", elem[3]) | ||||||
|  | 			testIssueClose(t, user1Session, elem[1], elem[2], elem[4]) | ||||||
|  |  | ||||||
|  | 			// Grab the CSRF token. | ||||||
|  | 			req := NewRequest(t, "GET", path.Join(elem[1], elem[2], "pulls", elem[4])) | ||||||
|  | 			resp = user2Session.MakeRequest(t, req, http.StatusOK) | ||||||
|  | 			htmlDoc := NewHTMLParser(t, resp.Body) | ||||||
|  |  | ||||||
|  | 			// Submit an approve review on the PR. | ||||||
|  | 			testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "approve", http.StatusUnprocessableEntity) | ||||||
|  |  | ||||||
|  | 			// Submit a reject review on the PR. | ||||||
|  | 			testSubmitReview(t, user2Session, htmlDoc.GetCSRF(), "user2", "repo1", elem[4], "reject", http.StatusUnprocessableEntity) | ||||||
|  | 		}) | ||||||
|  | 	}) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func testSubmitReview(t *testing.T, session *TestSession, csrf, owner, repo, pullNumber, reviewType string, expectedSubmitStatus int) *httptest.ResponseRecorder { | ||||||
|  | 	options := map[string]string{ | ||||||
|  | 		"_csrf":     csrf, | ||||||
|  | 		"commit_id": "", | ||||||
|  | 		"content":   "test", | ||||||
|  | 		"type":      reviewType, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	submitURL := path.Join(owner, repo, "pulls", pullNumber, "files", "reviews", "submit") | ||||||
|  | 	req := NewRequestWithValues(t, "POST", submitURL, options) | ||||||
|  | 	return session.MakeRequest(t, req, expectedSubmitStatus) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func testIssueClose(t *testing.T, session *TestSession, owner, repo, issueNumber string) *httptest.ResponseRecorder { | ||||||
|  | 	req := NewRequest(t, "GET", path.Join(owner, repo, "pulls", issueNumber)) | ||||||
|  | 	resp := session.MakeRequest(t, req, http.StatusOK) | ||||||
|  |  | ||||||
|  | 	htmlDoc := NewHTMLParser(t, resp.Body) | ||||||
|  | 	closeURL := path.Join(owner, repo, "issues", issueNumber, "comments") | ||||||
|  |  | ||||||
|  | 	options := map[string]string{ | ||||||
|  | 		"_csrf":  htmlDoc.GetCSRF(), | ||||||
|  | 		"status": "close", | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	req = NewRequestWithValues(t, "POST", closeURL, options) | ||||||
|  | 	return session.MakeRequest(t, req, http.StatusOK) | ||||||
|  | } | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user