mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
forgejo/modules
History
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460) 
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
 		2021-10-28 10:54:40 +08:00
..
activitypub
analyze
appstate Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
auth
avatar
base
cache
charset Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
context Ensure that restricted users can access repos for which they are members (#17460) 2021-10-28 10:54:40 +08:00
convert In many cases user avatar link should be an absolute URL with http host (#17420) 2021-10-25 13:01:16 +08:00
cron Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
csv Fixes #16559 - Do not trim leading spaces for tab delimited (#17442) 2021-10-26 16:46:56 -05:00
doctor
emoji
eventsource
generate
git Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
gitgraph Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
graceful Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
hcaptcha
highlight
httpcache Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
httplib
indexer Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
json
lfs Fix some lints (#17337) 2021-10-17 20:47:12 +01:00
log
markup Fix issue markdown bugs (#17411) 2021-10-23 21:38:12 +08:00
matchlist
metrics
migrations Upgrade go-github to v39 (#17437) 2021-10-26 08:19:21 +01:00
nosql
notification API pull's head/base have correct permission (#17214) 2021-10-07 02:03:37 +02:00
options
password
pprof
private
process
proxy
public
queue Make the Mirror Queue a queue (#17326) 2021-10-17 12:43:25 +01:00
recaptcha
references
repofiles Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
repository Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
secret
session Move session to models/login (#17338) 2021-10-17 19:51:56 +01:00
setting Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
ssh Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) 2021-10-20 15:55:33 -04:00
storage
structs Add API to get/edit wiki (#17278) 2021-10-25 11:43:40 +08:00
svg
sync
task
templates Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
test Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
timeutil Allow mocking timeutil (#17354) 2021-10-18 21:12:26 +01:00
translation
typesniffer Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
updatechecker Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
upload
uri
user
util Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
validation Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
web Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00