-
Notifications
You must be signed in to change notification settings - Fork 83
Conversation
@@ -71,6 +72,13 @@ func (c *Controller) HandleBatchIssue() http.Handler { | |||
return | |||
} | |||
|
|||
if !membership.Can(rbac.CodeBulkIssue) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can only do this check if it was called via the UI. There is no "membership" on the API.
I'm also pretty sure I did this - isn't there a specific handler for the UI server to server this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No the UI server remounts HandleIssue and HandleBulkIssue at another route (for ajax), but it's the same code.
What if we only check this if User is present (not authorized_app)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess that's fine? I just really dislike when a code path behaves dramatically different based on some other data that's a few layers of indirection away.
/hold |
/unhold |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sethvargo, whaught The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Proposed Changes
Release Note