Public bundles can have patches removed by anyone?

getpatchwork / patchwork

Patchwork is a web-based patch tracking system designed to facilitate the contribution and management of contributions to an open-source project.

http://jk.ozlabs.org/projects/patchwork/

GNU General Public License v2.0

273 stars 82 forks source link

Public bundles can have patches removed by anyone? #599

Open djbw opened 1 month ago

djbw commented 1 month ago

Perhaps this is an abuse of bundles, but we find it useful in our project to share an API token between maintainers for a shared user that maintains a public bundle. This provides a common location for anyone to see the patches that have been pulled into the review queue. Only folks with the API token can add to the bundle, but it appears that any account can remove patches from the bundle. Is that by design?

stephenfin commented 1 month ago

This is a bug. The API enforces the correct behaviour, but the web UI does not. Only the owner of a bundle should be able to manipulate the bundle.