diff --git a/runbot/controllers/frontend.py b/runbot/controllers/frontend.py index 4f3ef3fe..16c46919 100644 --- a/runbot/controllers/frontend.py +++ b/runbot/controllers/frontend.py @@ -280,6 +280,10 @@ class Runbot(Controller): if from_batch: from_batch = request.env['runbot.batch'].browse(int(from_batch)) + if build_id not in from_batch.with_context(active_test=False).slot_ids.build_id.ids: + # the url may have been forged replacing the build id, redirect to hide the batch + return werkzeug.utils.redirect('/runbot/build/%s' % build_id) + from_batch = from_batch.with_context(batch=from_batch) Build = request.env['runbot.build'].with_context(batch=from_batch) diff --git a/runbot/models/batch.py b/runbot/models/batch.py index a0920485..b1d9a8bc 100644 --- a/runbot/models/batch.py +++ b/runbot/models/batch.py @@ -455,5 +455,6 @@ class BatchSlot(models.Model): self.ensure_one() if self.build_id: return self.build_id + self.batch_id._log(f'Trigger {self.trigger_id.name} was started by {self.env.user.name}') self.link_type, self.build_id = self.batch_id._create_build(self.params_id) return self.build_id