mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-04-20 14:09:25 +00:00
fix: allow user with actions write permission to run a workflow from the web UI (#7245)
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Has been skipped
testing / frontend-checks (push) Has been skipped
testing / test-unit (push) Has been skipped
testing / test-e2e (push) Has been skipped
testing / test-mysql (push) Has been skipped
testing / test-pgsql (push) Has been skipped
testing / test-sqlite (push) Has been skipped
testing / test-remote-cacher (redis) (push) Has been skipped
testing / test-remote-cacher (valkey) (push) Has been skipped
testing / test-remote-cacher (garnet) (push) Has been skipped
testing / test-remote-cacher (redict) (push) Has been skipped
testing / security-check (push) Has been skipped
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Has been skipped
testing / frontend-checks (push) Has been skipped
testing / test-unit (push) Has been skipped
testing / test-e2e (push) Has been skipped
testing / test-mysql (push) Has been skipped
testing / test-pgsql (push) Has been skipped
testing / test-sqlite (push) Has been skipped
testing / test-remote-cacher (redis) (push) Has been skipped
testing / test-remote-cacher (valkey) (push) Has been skipped
testing / test-remote-cacher (garnet) (push) Has been skipped
testing / test-remote-cacher (redict) (push) Has been skipped
testing / security-check (push) Has been skipped
Users with permissions actions write can reschedule a workflow or start a new one over the API. But if the user try to use workflow dispatch on the web GUI it fails with 404 error. Debug log says ``` router: completed POST /<owner>/<repo>/actions/manual for <client ip>, 404 Not Found in 21.6ms @ context/permission.go:17(web.registerRoutes.RequireRepoAdmin) ``` I think this is not correct, users with permissons action write should also be able to run a new workflow over the GUI. This can be fixed with this little change. ## Testing - Create a repository in an organization with [a manual workflow](https://forgejo.org/docs/next/user/actions/#onworkflow_dispatch) - Create a user and assign it action write permissions for this repository in a team - Login as the user and verify they are allowed to run the workflow via the web UI <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - User Interface bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/7245): <!--number 7245 --><!--line 0 --><!--description YWxsb3cgdXNlciB3aXRoIGFjdGlvbnMgd3JpdGUgcGVybWlzc2lvbiB0byBydW4gYSB3b3JrZmxvdyBmcm9tIHRoZSB3ZWIgVUk=-->allow user with actions write permission to run a workflow from the web UI<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7245 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Stefan <stku@noreply.codeberg.org> Co-committed-by: Stefan <stku@noreply.codeberg.org>
This commit is contained in:
Stefan
Earl Warren
parent
58653d3700
commit
f3882d4553
1 changed files with 1 additions and 1 deletions
|
|
@ -1393,7 +1393,7 @@ func registerRoutes(m *web.Route) {
|
|||
m.Get("", actions.List)
|
||||
m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile)
|
||||
m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile)
|
||||
m.Post("/manual", reqRepoAdmin, actions.ManualRunWorkflow)
|
||||
m.Post("/manual", reqRepoActionsWriter, actions.ManualRunWorkflow)
|
||||
|
||||
m.Group("/runs", func() {
|
||||
m.Get("/latest", actions.ViewLatest)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue