mirror of
1
Fork 0
forgejo/routers/api/v1/repo
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
..
blob.go Swagger info corrections (#9441) 2019-12-20 19:07:12 +02:00
branch.go Support unprotected file patterns (#16395) 2021-09-11 16:21:17 +02:00
collaborators.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
commits.go Add API to get commit diff/patch (#17095) 2021-09-20 18:14:29 +02:00
file.go Add caller to cat-file batch calls (#17082) 2021-09-17 20:54:15 -04:00
fork.go Refactor the fork service slightly to take ForkRepoOptions (#16744) 2021-08-28 16:37:14 +08:00
git_hook.go Move macaron to chi (#14293) 2021-01-26 16:36:53 +01:00
git_ref.go Let branch/tag name be a valid ref to get CI status (#16400) 2021-07-13 08:14:14 +01:00
hook.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
hook_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
issue.go API: don't allow merged PRs to be reopened (#17192) 2021-10-02 23:11:17 -04:00
issue_comment.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
issue_label.go Calculate label URL on API (#16186) 2021-09-10 18:03:16 +02:00
issue_reaction.go [refactor] Unify the export of user data via API (#15144) 2021-03-27 17:45:26 +01:00
issue_stopwatch.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
issue_subscription.go [refactor] Unify the export of user data via API (#15144) 2021-03-27 17:45:26 +01:00
issue_tracked_time.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
key.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
label.go Calculate label URL on API (#16186) 2021-09-10 18:03:16 +02:00
language.go Add language statistics API endpoint (#11737) 2020-06-07 14:48:41 +03:00
main_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
migrate.go Make mirror feature more configurable (#16957) 2021-09-07 17:49:36 +02:00
milestone.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
mirror.go Make mirror feature more configurable (#16957) 2021-09-07 17:49:36 +02:00
notes.go Add an api endpoint to fetch git notes (#15373) (#16649) 2021-08-11 03:01:40 +02:00
pull.go Add buttons to allow loading of incomplete diffs (#16829) 2021-10-15 17:05:33 +01:00
pull_review.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
release.go Ensure that restricted users can access repos for which they are members (#17460) 2021-10-28 10:54:40 +08:00
release_attachment.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
release_tags.go [API] Add delete release by tag & fix unreleased inconsistency (#14563) 2021-02-07 19:32:18 +01:00
repo.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
repo_test.go Move db related basic functions to models/db (#17075) 2021-09-19 19:49:59 +08:00
star.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
status.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
subscriber.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
tag.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
teams.go [API] List, Check, Add & delete endpoints for repository teams (#13630) 2021-02-01 22:57:12 +01:00
topic.go [API] generalize list header (#16551) 2021-08-12 14:43:08 +02:00
transfer.go Repository transfer has to be confirmed, if user can not create repo for new owner (#14792) 2021-03-01 01:47:30 +01:00
tree.go Rename context.Query to context.Form (#16562) 2021-07-29 03:42:15 +02:00
wiki.go Add API to get/edit wiki (#17278) 2021-10-25 11:43:40 +08:00