mirror of
1
Fork 0

Fix users cannot visit issue attachment bug (#25019)

Caused by #24362

Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
Lunny Xiao 2023-06-01 01:06:17 +08:00 committed by GitHub
parent 48bfea6705
commit 5d23c885ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 5 deletions

View File

@ -110,11 +110,6 @@ func ServeAttachment(ctx *context.Context, uuid string) {
return return
} }
} else { // If we have the repository we check access } else { // If we have the repository we check access
context.CheckRepoScopedToken(ctx, repository)
if ctx.Written() {
return
}
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())

View File

@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) {
// Validate that attachment is available // Validate that attachment is available
req = NewRequest(t, "GET", "/attachments/"+uuid) req = NewRequest(t, "GET", "/attachments/"+uuid)
session.MakeRequest(t, req, http.StatusOK) session.MakeRequest(t, req, http.StatusOK)
// anonymous visit should be allowed because user2/repo1 is a public repository
MakeRequest(t, req, http.StatusOK)
} }
func TestGetAttachment(t *testing.T) { func TestGetAttachment(t *testing.T) {