1
0
Fork 0
forgejo/modules
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
..
activitypub Create pub/priv keypair for federation (#17071) 2021-09-28 15:19:22 -04:00
analyze Use git attributes to determine generated and vendored status for language stats and diffs (#16773) 2021-09-09 21:13:36 +01:00
appstate Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
auth Add bundle download for repository (#14538) 2021-08-24 11:47:09 -05:00
avatar refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
base Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
cache Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
charset Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
context Ensure that restricted users can access repos for which they are members (#17460) 2021-10-28 10:54:40 +08:00
convert In many cases user avatar link should be an absolute URL with http host (#17420) 2021-10-25 13:01:16 +08:00
cron Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
csv Fixes #16559 - Do not trim leading spaces for tab delimited (#17442) 2021-10-26 16:46:56 -05:00
doctor Nicely handle missing user in collaborations (#17049) 2021-09-27 19:07:19 +01:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
generate switch to maintained lib (#16532) 2021-07-24 13:00:41 +02:00
git Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
gitgraph Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
graceful Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Prevent panic in Org mode HighlightCodeBlock (#17140) 2021-09-24 14:29:32 +01:00
httpcache Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
httplib refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
indexer Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
json Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
lfs Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
log refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
markup Fix issue markdown bugs (#17411) 2021-10-23 21:38:12 +08:00
matchlist Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
metrics Add metrics to get issues by repository (#17225) 2021-10-05 20:39:37 +02:00
migrations Upgrade go-github to v39 (#17437) 2021-10-26 08:19:21 +01:00
nosql Fix setting redis db path (#15698) 2021-05-03 13:24:24 -04:00
notification API pull's head/base have correct permission (#17214) 2021-10-07 02:03:37 +02:00
options refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
private refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
process Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
proxy Return nil proxy function if proxy not enabled (#16742) 2021-08-19 16:41:20 -04:00
public refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
queue Make the Mirror Queue a queue (#17326) 2021-10-17 12:43:25 +01:00
recaptcha refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
references Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repofiles Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
repository Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
secret Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
session Move session to models/login (#17338) 2021-10-17 19:51:56 +01:00
setting Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
ssh Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) 2021-10-20 15:55:33 -04:00
storage refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
structs Add API to get/edit wiki (#17278) 2021-10-25 11:43:40 +08:00
svg refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
task Fix bug of migrated repository not index (#16991) 2021-09-08 18:43:19 +01:00
templates Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
test Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
timeutil Allow mocking timeutil (#17354) 2021-10-18 21:12:26 +01:00
translation Use index of the supported tags to choose user lang (#15452) 2021-04-14 19:52:01 +01:00
typesniffer Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
updatechecker Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
upload Update golangci-lint to version 1.31.0 (#13102) 2020-10-11 21:27:20 +01:00
uri Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244) 2020-12-27 11:34:19 +08:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
validation Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
web Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00