mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-09-11 05:17:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix comment permissions (#28213) (#28217)

Browse source 
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.

(cherry picked from commit dfd511faf3)
This commit is contained in:
Lunny Xiao 2023-11-26 07:21:41 +08:00 committed by Loïc Dachary
commit db0d71ec0f
No known key found for this signature in database
GPG key ID: 992D23B392F9E4F2
35 changed files with 422 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

4
routers/api/v1/api.go
View file

@ -1154,8 +1154,8 @@ func Routes(ctx gocontext.Context) *web.Route {
m.Group("/{username}/{reponame}", func() {
m.Group("/issues", func() {
m.Combo("").Get(repo.ListIssues).
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
m.Get("/pinned", repo.ListPinnedIssues)
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), reqRepoReader(unit.TypeIssues), repo.CreateIssue)
m.Get("/pinned", reqRepoReader(unit.TypeIssues), repo.ListPinnedIssues)
m.Group("/comments", func() {
m.Get("", repo.ListRepoIssueComments)
m.Group("/{id}", func() {