def _check_pull_request_access(request, assignee=False):
"""Check if user can access Pull-Request. Must be repo committer
or author to see private pull-requests.
:param request: PullRequest object
:param assignee: a boolean specifying whether to allow the assignee or not
defaults to False
:raises pagure.exceptions.APIError: when access denied
"""
# Private PRs require commit access
_check_private_pull_request_access(request)
error = False
# Public tickets require ticket access
error = not is_repo_user(request.project)
if assignee:
if (
request.assignee is not None
and request.assignee.user == flask.g.fas_user.username
):
error = False
if error:
raise pagure.exceptions.APIError(
403, error_code=APIERROR.EPRNOTALLOWED
)
def _check_ticket_access(issue, assignee=False, open_access=False):
"""Check if user can access issue. Must be repo committer
or author to see private issues.
:param issue: issue object
:param assignee: a boolean specifying whether to allow the assignee or not
defaults to False
:raises pagure.exceptions.APIError: when access denied
"""
# Private tickets require commit access
_check_private_issue_access(issue)
error = False
if not open_access:
# Public tickets require ticket access
error = not is_repo_user(issue.project)
if assignee:
if (
issue.assignee is not None
and issue.assignee.user == flask.g.fas_user.username
):
error = False
if error:
raise pagure.exceptions.APIError(
403, error_code=APIERROR.EISSUENOTALLOWED
)