Securing code reviews?

[nqramjets]

Is there any way to secure code reviews?

 

We had a developer accidentally delete a review and all information appears to be lost.

 

I see no mechanism to prevent this from happening; it appears that the editreview trigger is not fired when deleting a code review.

 

Does anyone have a workaround for this??

 

-Ryan

[calbzam]

Hi,

 

You can use the "before-editreview" trigger (http://plasticscm.com/documentation/triggers/plastic-scm-version-control-triggers-guide.shtml). This way, if the trigger fails, an error is reported and the code review edition is not saved in the repository.  You can create a trigger based on the user, repository name, status, title...

 

Regards,

Carlos

[nqramjets]

Hi Carlos,

 

When editing a review that trigger works as I expect, but my problem is the developer *deleting* the review. It seems that the before-editreview trigger is not fired when the user deletes a code review.

 

All I need to do is prevent user from deleting code reviews; the information in them is very valuable, but I can't figure out a way to prevent this using security, triggers, or any other means.

 

Am I missing something?

 

Thanks,

Ryan

[calbzam]

Hi,

 

I will perform a test, but if the "before-editreview" trigger doesn´t work when deleting a code review, I´m afraid that there is not a specific trigger for delete code reviews.

 

Regards,

Carlos

[nqramjets]

For know we have a workaround by placing INSTEAD OF DELETE triggers on the object and review tables in SQL Server.

 

This is obviously a kludge workaround, but perhaps we can remove them if reviews are ever secured.

[calbzam]

Ok, thanks for sharing the workaround. It´s a bit hacker, but it´s perfectly doable