Refactor security scan task and update auto-approval logic name

Xpirix · Xpirix · commit a2eb015a3fa7 · 2026-04-17T18:23:54.000+03:00
diff --git a/qgis-app/plugins/api.py b/qgis-app/plugins/api.py
@@ -16,6 +16,7 @@
 from plugins.models import *
 from plugins.validator import validator
 from plugins.views import plugin_notify, send_upload_confirmation_email
+from plugins.tasks.run_security_scan import run_security_scan_task
 from rpc4django import rpcmethod
 from taggit.models import Tag
 
@@ -141,7 +142,6 @@ def plugin_upload(package, **kwargs):
         send_upload_confirmation_email(new_version)
 
         # Queue async security scan task
-        from plugins.tasks.run_security_scan import run_security_scan_task
         run_security_scan_task.delay(new_version.pk)
     except IntegrityError as e:
         # Avoids error: current transaction is aborted, commands ignored until
diff --git a/qgis-app/plugins/models.py b/qgis-app/plugins/models.py
@@ -985,6 +985,7 @@ def is_available(self):
         (not blocked by security checks).
         """
         return self.validation_status not in [
+            VALIDATION_STATUS_PENDING,
             VALIDATION_STATUS_VALIDATING,
             VALIDATION_STATUS_BLOCKED,
         ]
diff --git a/qgis-app/plugins/tasks/run_security_scan.py b/qgis-app/plugins/tasks/run_security_scan.py
@@ -71,7 +71,7 @@ def run_security_scan_task(self, plugin_version_pk, is_manual=False):
         )
         if not is_manual:
             plugin_version.validation_status = VALIDATION_STATUS_VALIDATED
-            _maybe_auto_approve(plugin_version)
+            _auto_approve_if_trusted(plugin_version)
             plugin_version.save()
             _send_validation_results_email(plugin_version, security_scan=None)
             if not plugin_version.approved:
@@ -97,7 +97,7 @@ def run_security_scan_task(self, plugin_version_pk, is_manual=False):
         )
     else:
         plugin_version.validation_status = VALIDATION_STATUS_VALIDATED
-        _maybe_auto_approve(plugin_version)
+        _auto_approve_if_trusted(plugin_version)
         logger.info(
             f"Plugin {plugin.package_name} v{plugin_version.version} validated successfully"
         )
@@ -115,7 +115,7 @@ def run_security_scan_task(self, plugin_version_pk, is_manual=False):
         _notify_staff_for_review(plugin_version)
 
 
-def _maybe_auto_approve(plugin_version):
+def _auto_approve_if_trusted(plugin_version):
     """
     Auto-approve the version if the uploader is trusted or the plugin
     already has at least one approved version.
@@ -205,7 +205,7 @@ def _send_validation_results_email(plugin_version, security_scan):
 """
 
     try:
-        send_mail(subject, message, mail_from, recipients, fail_silently=True)
+        send_mail(subject, message, mail_from, recipients)
         logger.info(
             f"Validation results email sent for {plugin.package_name} v{plugin_version.version} "
             f"to {recipients}"
@@ -271,8 +271,7 @@ def _notify_staff_for_review(plugin_version):
 Link: http://{domain}{plugin_version.get_absolute_url()}
 """,
             mail_from,
-            recipients,
-            fail_silently=True,
+            recipients
         )
     except Exception as e:
         logger.error(f"Failed to send staff review notification: {e}")
diff --git a/qgis-app/plugins/tests/test_security_validator.py b/qgis-app/plugins/tests/test_security_validator.py
@@ -30,7 +30,7 @@
     VALIDATION_STATUS_VALIDATING,
 )
 from plugins.tasks.run_security_scan import (
-    _maybe_auto_approve,
+    _auto_approve_if_trusted,
     _send_validation_results_email,
     run_security_scan_task,
 )
@@ -223,7 +223,7 @@ def test_task_scan_tool_failure_treated_as_validated(self, mock_scan):
 # ---------------------------------------------------------------------------
 
 class MaybeAutoApproveTest(TestCase):
-    """Tests for the _maybe_auto_approve helper."""
+    """Tests for the _auto_approve_if_trusted helper."""
 
     def setUp(self):
         self.user = User.objects.create_user(
@@ -239,7 +239,7 @@ def test_auto_approve_for_trusted_user(self):
         self.user = User.objects.get(pk=self.user.pk)
         self.version.created_by = self.user
 
-        _maybe_auto_approve(self.version)
+        _auto_approve_if_trusted(self.version)
 
         self.assertTrue(self.version.approved)
 
@@ -260,13 +260,13 @@ def test_auto_approve_when_plugin_already_approved(self):
         # Plugin.approved returns True when any version is approved
         self.assertTrue(self.plugin.approved)
 
-        _maybe_auto_approve(self.version)
+        _auto_approve_if_trusted(self.version)
 
         self.assertTrue(self.version.approved)
 
     def test_no_auto_approve_for_untrusted_user(self):
         """Regular users without 'can_approve' are NOT auto-approved."""
-        _maybe_auto_approve(self.version)
+        _auto_approve_if_trusted(self.version)
         self.assertFalse(self.version.approved)
 
 

Original file line number	Diff line number	Diff line change
`@@ -985,6 +985,7 @@ def is_available(self):`
`985`	`985`	`(not blocked by security checks).`
`986`	`986`	`"""`
`987`	`987`	`return self.validation_status not in [`
	`988`	`+ VALIDATION_STATUS_PENDING,`
`988`	`989`	`VALIDATION_STATUS_VALIDATING,`
`989`	`990`	`VALIDATION_STATUS_BLOCKED,`
`990`	`991`	`]`