tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Fix comment permissions (#28213)

Browse Source 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
This commit is contained in:
Lunny Xiao
2023-11-26 01:21:21 +08:00
committed by GitHub
parent 80217cacfc
commit 882e502327
34 changed files with 417 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
routers/api/v1/api.go
View File

@@ -1259,8 +1259,8 @@ func Routes() *web.Route {
m.Group("/{username}/{reponame}", func() {
m.Group("/issues", func() {
m.Combo("").Get(repo.ListIssues).
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
m.Get("/pinned", repo.ListPinnedIssues)
Post(reqToken(), mustNotBeArchived, bind(api.CreateIssueOption{}), reqRepoReader(unit.TypeIssues), repo.CreateIssue)
m.Get("/pinned", reqRepoReader(unit.TypeIssues), repo.ListPinnedIssues)
m.Group("/comments", func() {
m.Get("", repo.ListRepoIssueComments)
m.Group("/{id}", func() {