Allow read-only PR queue inventory under author profiles while preserving hard review/merge gates

This commit is contained in:
2026-07-05 12:14:26 -04:00
parent 82d6bf286a
commit 485ba22c8f
5 changed files with 367 additions and 16 deletions
+12 -11
View File
@@ -750,10 +750,11 @@ class TestReviewPR(unittest.TestCase):
self.assertIn("no longer supported", result["message"])
self.assertEqual(mock_api.call_count, 0)
@patch("mcp_server.api_get_all")
@patch("mcp_server.api_request")
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
@patch("mcp_server.get_profile")
def test_legacy_review_pr_uses_gates(self, mock_get_profile, _auth, mock_api):
def test_legacy_review_pr_uses_gates(self, mock_get_profile, _auth, mock_api, mock_get_all):
# Mock profile to lack approve capability (fails gate)
mock_get_profile.return_value = {
"profile_name": "gitea-readonly",
@@ -761,11 +762,8 @@ class TestReviewPR(unittest.TestCase):
"forbidden_operations": [],
"base_url": None,
}
# mock_api responses for auth_user and pr_author
mock_api.side_effect = [
{"login": "reviewer1"}, # /api/v1/user
{"state": "open", "head": {"sha": "abc1234"}, "mergeable": True, "user": {"login": "author1"}}, # /pulls/1
]
mock_get_all.return_value = [{"number": 1, "title": "PR 1", "state": "open", "head": {"ref": "branch1", "sha": "abc1234"}, "base": {"ref": "master"}, "mergeable": True, "user": {"login": "author1"}}]
mock_api.return_value = {"login": "reviewer1"}
result = gitea_review_pr(
pr_number=1,
event="APPROVE",
@@ -773,22 +771,25 @@ class TestReviewPR(unittest.TestCase):
merge=False
)
self.assertFalse(result["success"])
self.assertIn("Review submission failed eligibility gates", result["message"])
self.assertIn("not allowed to approve", result["message"])
self.assertIn("Review/Merge Blocked", result["message"])
self.assertIn("Author profile", result["message"])
@patch("mcp_server.api_get_all")
@patch("mcp_server.api_request")
@patch("mcp_server.get_auth_header", return_value=FAKE_AUTH)
@patch("mcp_server.get_profile")
def test_legacy_review_pr_self_approval_blocked(self, mock_get_profile, _auth, mock_api):
def test_legacy_review_pr_self_approval_blocked(self, mock_get_profile, _auth, mock_api, mock_get_all):
mock_get_profile.return_value = {
"profile_name": "gitea-reviewer",
"allowed_operations": ["read", "approve"],
"forbidden_operations": [],
"base_url": None,
}
# mock_api responses for auth_user and pr_author
mock_get_all.return_value = [{"number": 1, "title": "PR 1", "state": "open", "head": {"ref": "branch1", "sha": "abc1234"}, "base": {"ref": "master"}, "mergeable": True, "user": {"login": "jcwalker3"}}]
# mock_api responses: 1) /user (inventory), 2) /user (eligibility), 3) /pulls/1 (eligibility)
mock_api.side_effect = [
{"login": "jcwalker3"}, # /api/v1/user
{"login": "jcwalker3"}, # /api/v1/user (inventory)
{"login": "jcwalker3"}, # /api/v1/user (eligibility)
{"state": "open", "head": {"sha": "abc1234"}, "mergeable": True, "user": {"login": "jcwalker3"}}, # /pulls/1
]
result = gitea_review_pr(