Currently when submitting a new review, if the origin/distroseries (ie. 'ubuntu/lucid') does not already exist in the database, it is simply created without checking with Launchpad. We may eventually want to do the same for architectures too (verifying that the architecture supplied with the review exists in the distroseries).
This is just a bug for an existing XXX which was recently moved to: reviewsapp.forms.ReviewForm._validate_and_populate_repository.
To QA:
I've not yet come up with a reliable way to QA this, but with mvo's help, created:
https://pastebin.canonical.com/42986/
which *should* enable us to verify what happens when submitting a review for Ubuntu 'lucky', but at this point, I either get an API 401 (authentication), or can't login with my staging credentials (which I've checked via the website). Maybe achuni or Danny will fare better. Update: achuni pointed out that the reason for the authentication failure using staging is because the oauth api for staging SSO is currently in a broken state. When: https://login.staging.ubuntu.com/+applications is not erroring, we should be able to QA this on staging.
Related to this, when a software_item is validated (by the ReviewForm), it currently only checks the validity of the package in the specified distroseries if a matching software item does not already exist. It should instead be verifying if a software item with reviews for the given distroseries doesn't already exist.
So currently:
1) Create a valid review for a package in Ubuntu Lucid,
2) Create a second review for the same package, but in Debian DoesntExist
ER: (2) should fail validation
AR: (2) succeeds, creating the new repository in rnr.