1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-13 05:34:25 +00:00
gitea/services
Gusted 6162fb0a19
Check for permission when fetching user controlled issues (#20133) (#20196)
* Check if project has the same repository id with issue when assign project to issue

* Check if issue's repository id match project's repository id

* Add more permission checking

* Remove invalid argument

* Fix errors

* Add generic check

* Remove duplicated check

* Return error + add check for new issues

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2022-07-01 17:39:10 +02:00
..
agit Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
asymkey Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
attachment Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
auth Respect DefaultUserIsRestricted system default when creating new user (#19310 ) (#19560) 2022-04-30 15:00:14 +02:00
comments Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
cron Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
externalaccount Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
forms Move checks for pulls before merge into own function (#19271) (#19277) 2022-03-31 16:57:13 +02:00
gitdiff Bump to build with go1.18 (#19120 et al) (#19127) 2022-03-19 18:46:47 +01:00
issue Fix bug (#19757) 2022-05-20 00:03:52 +02:00
lfs Support webauthn (#17957) 2022-01-14 16:03:31 +01:00
mailer Set Setpgid on child git processes (#19865) (#19881) 2022-06-03 23:39:15 -04:00
migrations ignore DNS error when doing migration allow/block check (#19567) 2022-05-02 08:11:45 +03:00
mirror Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236) 2022-03-29 23:19:57 +03:00
org Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
pull Check for permission when fetching user controlled issues (#20133) (#20196) 2022-07-01 17:39:10 +02:00
release fix permission check for delete tag (#19985) (#20001) 2022-06-17 22:52:47 +01:00
repository Avoid MoreThanOne Error (#19557) (#19591) 2022-05-03 20:36:58 +08:00
task Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
user Move keys to models/asymkey (#17917) 2021-12-10 16:14:24 +08:00
webhook Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248) 2022-03-29 14:12:56 +02:00
wiki Fix various typos (#18219) 2022-01-10 17:32:37 +08:00