a2958f5a26
- The security patch of forgejo/forgejo#6843 fixed the issue where project boards loaded all issues without considering if the doer actually had permission to view that issue. Within that patch the call to `Issues` was modified to include this permission checking. - The query being generated was not entirely correct. Issues in public repositories weren't considered correctly (partly the fault of not setting `AllPublic` unconditionally) in the cause an authenticated user loaded the project. - This is now fixed by setting `AllPublic` unconditionally and subsequently fixing the `Issue` function to ensure that the combination of setting `AllPublic` and `User` generates the correct query, by combining the permission check and issues in public repositories as one `AND` query. - Added unit testing. - Added integration testing. - Resolves Codeberg/Community#1809 - Regression of https://codeberg.org/forgejo/forgejo/pulls/6843 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7143 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz> |
||
|---|---|---|
| .. | ||
| e2e | ||
| fuzz | ||
| gitea-lfs-meta | ||
| gitea-repositories-meta | ||
| integration | ||
| testdata/data | ||
| mysql.ini.tmpl | ||
| pgsql.ini.tmpl | ||
| sqlite.ini.tmpl | ||
| test_utils.go | ||