From fe91d48889c861e2e9a6da8a52445fc8de6b947f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Tue, 4 Dec 2018 09:18:20 +0100
Subject: [PATCH] [api] ensure correct user is set when doing auto_accept in a
 loop

Ensure that we have a valid user for auto_accept (should not be
possible)

Enforce the right user when running via multiple requests in a loop
---
 src/api/app/models/bs_request.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/api/app/models/bs_request.rb b/src/api/app/models/bs_request.rb
index 77b1a21fb84..31f31e55170 100644
--- a/src/api/app/models/bs_request.rb
+++ b/src/api/app/models/bs_request.rb
@@ -969,8 +969,12 @@ def auto_accept
     return if approver && state == :review
 
     with_lock do
-      User.current ||= User.find_by_login(creator) if accept_at
-      User.current = User.find_by_login(approver) if approver
+      if accept_at
+        User.current = User.find_by_login(creator)
+      elsif approver
+        User.current = User.find_by_login(approver)
+      end
+      raise 'Request lacks definition of owner for auto accept' unless User.current
 
       begin
         change_state(newstate: 'accepted', comment: 'Auto accept')