Fix wrong permissions check when issues/prs shared operations (#9885)

* Fix wrong permissions check when issues/prs shared operations

* move redirect to the end of the function

* fix swagger

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Lunny Xiao 2020-01-20 20:00:32 +08:00 committed by Antoine GIRARD
parent 81cfe243f9
commit 6d6f1d568e
11 changed files with 43 additions and 28 deletions


@ -104,8 +104,8 @@ func UpdateIssuesCommit(doer *models.User, repo *models.Repository, commits []*r
refMarked[key] = true
// FIXME: this kind of condition is all over the code, it should be consolidated in a single place
canclose := perm.IsAdmin() || perm.IsOwner() || perm.CanWrite(models.UnitTypeIssues) || refIssue.PosterID == doer.ID
cancomment := canclose || perm.CanRead(models.UnitTypeIssues)
canclose := perm.IsAdmin() || perm.IsOwner() || perm.CanWriteIssuesOrPulls(refIssue.IsPull) || refIssue.PosterID == doer.ID
cancomment := canclose || perm.CanReadIssuesOrPulls(refIssue.IsPull)
// Don't proceed if the user can't comment
if !cancomment {