From caeb95cb1015e782b55c1192dac96b7734f0b77d Mon Sep 17 00:00:00 2001 From: Gusted Date: Sat, 25 Jan 2025 15:10:03 +0100 Subject: [PATCH] fix(sec): modify api route for variables --- routers/api/v1/org/action.go | 2 +- routers/api/v1/repo/action.go | 2 +- routers/api/v1/user/action.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go index 8cd2e00e00..99e70e0740 100644 --- a/routers/api/v1/org/action.go +++ b/routers/api/v1/org/action.go @@ -475,7 +475,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) { if opt.Name == "" { opt.Name = ctx.Params("variablename") } - if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil { + if _, err := actions_service.UpdateVariable(ctx, v.ID, ctx.Org.Organization.ID, 0, opt.Name, opt.Value); err != nil { if errors.Is(err, util.ErrInvalidArgument) { ctx.Error(http.StatusBadRequest, "UpdateVariable", err) } else { diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go index 2ff52c3744..3256b1544a 100644 --- a/routers/api/v1/repo/action.go +++ b/routers/api/v1/repo/action.go @@ -414,7 +414,7 @@ func (Action) UpdateVariable(ctx *context.APIContext) { if opt.Name == "" { opt.Name = ctx.Params("variablename") } - if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil { + if _, err := actions_service.UpdateVariable(ctx, v.ID, 0, ctx.Repo.Repository.ID, opt.Name, opt.Value); err != nil { if errors.Is(err, util.ErrInvalidArgument) { ctx.Error(http.StatusBadRequest, "UpdateVariable", err) } else { diff --git a/routers/api/v1/user/action.go b/routers/api/v1/user/action.go index ec5289fdb0..c34c5950c0 100644 --- a/routers/api/v1/user/action.go +++ b/routers/api/v1/user/action.go @@ -228,7 +228,7 @@ func UpdateVariable(ctx *context.APIContext) { if opt.Name == "" { opt.Name = ctx.Params("variablename") } - if _, err := actions_service.UpdateVariable(ctx, v.ID, opt.Name, opt.Value); err != nil { + if _, err := actions_service.UpdateVariable(ctx, v.ID, ctx.Doer.ID, 0, opt.Name, opt.Value); err != nil { if errors.Is(err, util.ErrInvalidArgument) { ctx.Error(http.StatusBadRequest, "UpdateVariable", err) } else {