mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-11-02 15:31:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix comment permissions (#28213)

Browse source 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
This commit is contained in:
Lunny Xiao 2023-11-26 01:21:21 +08:00 committed by Loïc Dachary
commit 5504ce44d2
No known key found for this signature in database
GPG key ID: 992D23B392F9E4F2
34 changed files with 417 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

4
routers/api/v1/repo/issue_comment_attachment.go
View file

@ -356,6 +356,10 @@ func getIssueCommentSafe(ctx *context.APIContext) *issues_model.Comment {
return nil
}
if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
return nil
}
comment.Issue.Repo = ctx.Repo.Repository
return comment