Skip to content

Prevent any user from updating public bundles #629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Prevent any user from updating public bundles #629

wants to merge 1 commit into from

Conversation

nifey
Copy link

@nifey nifey commented Apr 16, 2025

Currently, the web UI allows any logged in user to remove patches from public bundles. However the correct behaviour is that only the owner of the bundle should be allowed to update a bundle.

Fix that by adding checks in set_bundle() before adding or removing patches from bundles.

Closes: #599

After fixing, when I try to remove a patch from a public bundle (without being an owner user), I get the following error message and the patch is not removed.

Screenshot 2025-04-16 at 22-05-47 Linux kernel - Patchwork

@nifey
Prevent any user from updating public bundles
a3e6685 
Currently, the web UI allows any logged in user to remove patches from
public bundles. However the correct behaviour is that only the owner of
the bundle should be allowed to update a bundle.

Fix that by adding checks in set_bundle() before adding or removing
patches from bundles.

Signed-off-by: Abdun Nihaal <[email protected]>
Closes: getpatchwork#599
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Public bundles can have patches removed by anyone?
1 participant
@nifey