peter/go-gitea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed checking for permissions

Browse Source
This commit is contained in:
kolaente 2018-05-01 22:47:25 +02:00
parent 1a905b2b8c
commit 794ac072cd
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
routers/api/v1/repo/issue.go
View File

@ -367,13 +367,6 @@ func UpdateIssueDeadline(ctx *context.APIContext, form api.CreateDeadlineOption)
// "201": // "201":
// "$ref": "#/responses/IssueDeadline" // "$ref": "#/responses/IssueDeadline"
if !ctx.Repo.IsWriter() {
ctx.JSON(401, map[string]string{
"message": "Only users with write access to this repository can manage issue deadlines.",
})
return
}
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index")) issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
if err != nil { if err != nil {
if models.IsErrIssueNotExist(err) { if models.IsErrIssueNotExist(err) {
@ -384,6 +377,11 @@ func UpdateIssueDeadline(ctx *context.APIContext, form api.CreateDeadlineOption)
return return
} }
if !issue.IsPoster(ctx.User.ID) && !ctx.Repo.IsWriter() {
ctx.Status(403)
return
}
var deadlineUnix util.TimeStamp var deadlineUnix util.TimeStamp
if form.Deadline != nil && !form.Deadline.IsZero() { if form.Deadline != nil && !form.Deadline.IsZero() {
deadlineUnix = util.TimeStamp(form.Deadline.Unix()) deadlineUnix = util.TimeStamp(form.Deadline.Unix())