From 9d9ad1b59fe062e4e87248a7333dc6414260815c Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 26 Jan 2022 22:09:35 +0000 Subject: [PATCH] Only view milestones from current repo (#18414) (#18418) Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton --- models/issue_milestone.go | 16 ---------------- routers/web/repo/issue.go | 31 ++++++++++++++----------------- routers/web/repo/milestone.go | 2 +- 3 files changed, 15 insertions(+), 34 deletions(-) diff --git a/models/issue_milestone.go b/models/issue_milestone.go index 5e934cde0..81fa2baba 100644 --- a/models/issue_milestone.go +++ b/models/issue_milestone.go @@ -127,22 +127,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error) return &mile, nil } -// GetMilestoneByID returns the milestone via id . -func GetMilestoneByID(id int64) (*Milestone, error) { - return getMilestoneByID(x, id) -} - -func getMilestoneByID(e Engine, id int64) (*Milestone, error) { - var m Milestone - has, err := e.ID(id).Get(&m) - if err != nil { - return nil, err - } else if !has { - return nil, ErrMilestoneNotExist{ID: id, RepoID: 0} - } - return &m, nil -} - // UpdateMilestone updates information of given milestone. func UpdateMilestone(m *Milestone, oldIsClosed bool) error { sess := x.NewSession() diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index 30cfc23ee..4c55dc748 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -51,17 +51,15 @@ const ( issueTemplateTitleKey = "IssueTemplateTitle" ) -var ( - // IssueTemplateCandidates issue templates - IssueTemplateCandidates = []string{ - "ISSUE_TEMPLATE.md", - "issue_template.md", - ".gitea/ISSUE_TEMPLATE.md", - ".gitea/issue_template.md", - ".github/ISSUE_TEMPLATE.md", - ".github/issue_template.md", - } -) +// IssueTemplateCandidates issue templates +var IssueTemplateCandidates = []string{ + "ISSUE_TEMPLATE.md", + "issue_template.md", + ".gitea/ISSUE_TEMPLATE.md", + ".gitea/issue_template.md", + ".github/ISSUE_TEMPLATE.md", + ".github/issue_template.md", +} // MustAllowUserComment checks to make sure if an issue is locked. // If locked and user has permissions to write to the repository, @@ -239,7 +237,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti } } - var issueList = models.IssueList(issues) + issueList := models.IssueList(issues) approvalCounts, err := issueList.GetApprovalCounts() if err != nil { ctx.ServerError("ApprovalCounts", err) @@ -422,7 +420,6 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos } func retrieveProjects(ctx *context.Context, repo *models.Repository) { - var err error ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{ @@ -781,7 +778,7 @@ func NewIssue(ctx *context.Context) { milestoneID := ctx.QueryInt64("milestone") if milestoneID > 0 { - milestone, err := models.GetMilestoneByID(milestoneID) + milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { log.Error("GetMilestoneByID: %d: %v", milestoneID, err) } else { @@ -865,7 +862,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull // Check milestone. milestoneID := form.MilestoneID if milestoneID > 0 { - ctx.Data["Milestone"], err = repo.GetMilestoneByID(milestoneID) + ctx.Data["Milestone"], err = models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { ctx.ServerError("GetMilestoneByID", err) return nil, nil, 0, 0 @@ -2446,7 +2443,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error { // GetIssueAttachments returns attachments for the issue func GetIssueAttachments(ctx *context.Context) { issue := GetActionIssue(ctx) - var attachments = make([]*api.Attachment, len(issue.Attachments)) + attachments := make([]*api.Attachment, len(issue.Attachments)) for i := 0; i < len(issue.Attachments); i++ { attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i]) } @@ -2460,7 +2457,7 @@ func GetCommentAttachments(ctx *context.Context) { ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err) return } - var attachments = make([]*api.Attachment, 0) + attachments := make([]*api.Attachment, 0) if comment.Type == models.CommentTypeComment { if err := comment.LoadAttachments(); err != nil { ctx.ServerError("LoadAttachments", err) diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go index 129f1a559..bf6027a93 100644 --- a/routers/web/repo/milestone.go +++ b/routers/web/repo/milestone.go @@ -268,7 +268,7 @@ func DeleteMilestone(ctx *context.Context) { // MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone func MilestoneIssuesAndPulls(ctx *context.Context) { milestoneID := ctx.ParamsInt64(":id") - milestone, err := models.GetMilestoneByID(milestoneID) + milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { if models.IsErrMilestoneNotExist(err) { ctx.NotFound("GetMilestoneByID", err)