From c6fb7fe27c16c4e43d4d8dbe4d2ff4b3c4c52a29 Mon Sep 17 00:00:00 2001 From: David Svantesson Date: Fri, 27 Sep 2019 04:24:06 +0200 Subject: [PATCH] Fix API for edit and delete release attachment (#8285) * Add logging for when user requested attachment doesn't belong to the specified release. * Fix API to use correct variable for release asset (attachment) --- routers/api/v1/repo/release_attachment.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/repo/release_attachment.go b/routers/api/v1/repo/release_attachment.go index 67802fd9e7..c49e4d3e34 100644 --- a/routers/api/v1/repo/release_attachment.go +++ b/routers/api/v1/repo/release_attachment.go @@ -9,6 +9,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/upload" @@ -55,6 +56,7 @@ func GetReleaseAttachment(ctx *context.APIContext) { return } if attach.ReleaseID != releaseID { + log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID) ctx.NotFound() return } @@ -242,13 +244,14 @@ func EditReleaseAttachment(ctx *context.APIContext, form api.EditAttachmentOptio // Check if release exists an load release releaseID := ctx.ParamsInt64(":id") - attachID := ctx.ParamsInt64(":attachment") + attachID := ctx.ParamsInt64(":asset") attach, err := models.GetAttachmentByID(attachID) if err != nil { ctx.Error(500, "GetAttachmentByID", err) return } if attach.ReleaseID != releaseID { + log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID) ctx.NotFound() return } @@ -299,13 +302,14 @@ func DeleteReleaseAttachment(ctx *context.APIContext) { // Check if release exists an load release releaseID := ctx.ParamsInt64(":id") - attachID := ctx.ParamsInt64(":attachment") + attachID := ctx.ParamsInt64(":asset") attach, err := models.GetAttachmentByID(attachID) if err != nil { ctx.Error(500, "GetAttachmentByID", err) return } if attach.ReleaseID != releaseID { + log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID) ctx.NotFound() return }