fix bug about wrong dependencies permissions check and other wr… (#9884)
* fix bug about wrong dependencies permissions check and other wrong permissions check * improve code
This commit is contained in:
parent
e3e024876e
commit
c4e0f717e7
11 changed files with 73 additions and 48 deletions
|
@ -91,12 +91,12 @@ func (r *Repository) CanUseTimetracker(issue *models.Issue, user *models.User) b
|
||||||
// 2. Is the user a contributor, admin, poster or assignee and do the repository policies require this?
|
// 2. Is the user a contributor, admin, poster or assignee and do the repository policies require this?
|
||||||
isAssigned, _ := models.IsUserAssignedToIssue(issue, user)
|
isAssigned, _ := models.IsUserAssignedToIssue(issue, user)
|
||||||
return r.Repository.IsTimetrackerEnabled() && (!r.Repository.AllowOnlyContributorsToTrackTime() ||
|
return r.Repository.IsTimetrackerEnabled() && (!r.Repository.AllowOnlyContributorsToTrackTime() ||
|
||||||
r.Permission.CanWrite(models.UnitTypeIssues) || issue.IsPoster(user.ID) || isAssigned)
|
r.Permission.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsPoster(user.ID) || isAssigned)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CanCreateIssueDependencies returns whether or not a user can create dependencies.
|
// CanCreateIssueDependencies returns whether or not a user can create dependencies.
|
||||||
func (r *Repository) CanCreateIssueDependencies(user *models.User) bool {
|
func (r *Repository) CanCreateIssueDependencies(user *models.User, isPull bool) bool {
|
||||||
return r.Permission.CanWrite(models.UnitTypeIssues) && r.Repository.IsDependenciesEnabled()
|
return r.Repository.IsDependenciesEnabled() && r.Permission.CanWriteIssuesOrPulls(isPull)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCommitsCount returns cached commit count for current view
|
// GetCommitsCount returns cached commit count for current view
|
||||||
|
|
|
@ -3134,10 +3134,11 @@ function deleteDependencyModal(id, type) {
|
||||||
|
|
||||||
function initIssueList() {
|
function initIssueList() {
|
||||||
const repolink = $('#repolink').val();
|
const repolink = $('#repolink').val();
|
||||||
|
const tp = $('#type').val();
|
||||||
$('#new-dependency-drop-list')
|
$('#new-dependency-drop-list')
|
||||||
.dropdown({
|
.dropdown({
|
||||||
apiSettings: {
|
apiSettings: {
|
||||||
url: suburl + '/api/v1/repos/' + repolink + '/issues?q={query}',
|
url: suburl + '/api/v1/repos/' + repolink + '/issues?q={query}&type='+tp,
|
||||||
onResponse: function(response) {
|
onResponse: function(response) {
|
||||||
const filteredResponse = {'success': true, 'results': []};
|
const filteredResponse = {'success': true, 'results': []};
|
||||||
const currIssueId = $('#new-dependency-drop-list').data('issue-id');
|
const currIssueId = $('#new-dependency-drop-list').data('issue-id');
|
||||||
|
|
|
@ -57,6 +57,10 @@ func ListIssues(ctx *context.APIContext) {
|
||||||
// in: query
|
// in: query
|
||||||
// description: search string
|
// description: search string
|
||||||
// type: string
|
// type: string
|
||||||
|
// - name: type
|
||||||
|
// in: query
|
||||||
|
// description: filter by type (issues / pulls) if set
|
||||||
|
// type: string
|
||||||
// responses:
|
// responses:
|
||||||
// "200":
|
// "200":
|
||||||
// "$ref": "#/responses/IssueList"
|
// "$ref": "#/responses/IssueList"
|
||||||
|
@ -91,6 +95,16 @@ func ListIssues(ctx *context.APIContext) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var isPull util.OptionalBool
|
||||||
|
switch ctx.Query("type") {
|
||||||
|
case "pulls":
|
||||||
|
isPull = util.OptionalBoolTrue
|
||||||
|
case "issues":
|
||||||
|
isPull = util.OptionalBoolFalse
|
||||||
|
default:
|
||||||
|
isPull = util.OptionalBoolNone
|
||||||
|
}
|
||||||
|
|
||||||
// Only fetch the issues if we either don't have a keyword or the search returned issues
|
// Only fetch the issues if we either don't have a keyword or the search returned issues
|
||||||
// This would otherwise return all issues if no issues were found by the search.
|
// This would otherwise return all issues if no issues were found by the search.
|
||||||
if len(keyword) == 0 || len(issueIDs) > 0 || len(labelIDs) > 0 {
|
if len(keyword) == 0 || len(issueIDs) > 0 || len(labelIDs) > 0 {
|
||||||
|
@ -101,6 +115,7 @@ func ListIssues(ctx *context.APIContext) {
|
||||||
IsClosed: isClosed,
|
IsClosed: isClosed,
|
||||||
IssueIDs: issueIDs,
|
IssueIDs: issueIDs,
|
||||||
LabelIDs: labelIDs,
|
LabelIDs: labelIDs,
|
||||||
|
IsPull: isPull,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -292,6 +307,7 @@ func EditIssue(ctx *context.APIContext, form api.EditIssueOption) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
issue.Repo = ctx.Repo.Repository
|
issue.Repo = ctx.Repo.Repository
|
||||||
|
canWrite := ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||||
|
|
||||||
err = issue.LoadAttributes()
|
err = issue.LoadAttributes()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -299,7 +315,7 @@ func EditIssue(ctx *context.APIContext, form api.EditIssueOption) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !issue.IsPoster(ctx.User.ID) && !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if !issue.IsPoster(ctx.User.ID) && !canWrite {
|
||||||
ctx.Status(403)
|
ctx.Status(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -312,7 +328,7 @@ func EditIssue(ctx *context.APIContext, form api.EditIssueOption) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update the deadline
|
// Update the deadline
|
||||||
if form.Deadline != nil && ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if form.Deadline != nil && canWrite {
|
||||||
deadlineUnix := timeutil.TimeStamp(form.Deadline.Unix())
|
deadlineUnix := timeutil.TimeStamp(form.Deadline.Unix())
|
||||||
if err := models.UpdateIssueDeadline(issue, deadlineUnix, ctx.User); err != nil {
|
if err := models.UpdateIssueDeadline(issue, deadlineUnix, ctx.User); err != nil {
|
||||||
ctx.Error(500, "UpdateIssueDeadline", err)
|
ctx.Error(500, "UpdateIssueDeadline", err)
|
||||||
|
@ -329,7 +345,7 @@ func EditIssue(ctx *context.APIContext, form api.EditIssueOption) {
|
||||||
// Pass one or more user logins to replace the set of assignees on this Issue.
|
// Pass one or more user logins to replace the set of assignees on this Issue.
|
||||||
// Send an empty array ([]) to clear all assignees from the Issue.
|
// Send an empty array ([]) to clear all assignees from the Issue.
|
||||||
|
|
||||||
if ctx.Repo.CanWrite(models.UnitTypeIssues) && (form.Assignees != nil || form.Assignee != nil) {
|
if canWrite && (form.Assignees != nil || form.Assignee != nil) {
|
||||||
oneAssignee := ""
|
oneAssignee := ""
|
||||||
if form.Assignee != nil {
|
if form.Assignee != nil {
|
||||||
oneAssignee = *form.Assignee
|
oneAssignee = *form.Assignee
|
||||||
|
@ -342,7 +358,7 @@ func EditIssue(ctx *context.APIContext, form api.EditIssueOption) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ctx.Repo.CanWrite(models.UnitTypeIssues) && form.Milestone != nil &&
|
if canWrite && form.Milestone != nil &&
|
||||||
issue.MilestoneID != *form.Milestone {
|
issue.MilestoneID != *form.Milestone {
|
||||||
oldMilestoneID := issue.MilestoneID
|
oldMilestoneID := issue.MilestoneID
|
||||||
issue.MilestoneID = *form.Milestone
|
issue.MilestoneID = *form.Milestone
|
||||||
|
@ -430,7 +446,7 @@ func UpdateIssueDeadline(ctx *context.APIContext, form api.EditDeadlineOption) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||||
ctx.Status(403)
|
ctx.Status(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -497,7 +513,7 @@ func StartIssueStopwatch(ctx *context.APIContext) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||||
ctx.Status(403)
|
ctx.Status(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -566,7 +582,7 @@ func StopIssueStopwatch(ctx *context.APIContext) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
|
||||||
ctx.Status(403)
|
ctx.Status(403)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -185,7 +185,7 @@ func CreateIssueComment(ctx *context.APIContext, form api.CreateIssueCommentOpti
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {
|
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.User.IsAdmin {
|
||||||
ctx.Error(403, "CreateIssueComment", errors.New(ctx.Tr("repo.issues.comment_on_locked")))
|
ctx.Error(403, "CreateIssueComment", errors.New(ctx.Tr("repo.issues.comment_on_locked")))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -407,7 +407,7 @@ func CompareDiff(ctx *context.Context) {
|
||||||
|
|
||||||
if !nothingToCompare {
|
if !nothingToCompare {
|
||||||
// Setup information for new form.
|
// Setup information for new form.
|
||||||
RetrieveRepoMetas(ctx, ctx.Repo.Repository)
|
RetrieveRepoMetas(ctx, ctx.Repo.Repository, true)
|
||||||
if ctx.Written() {
|
if ctx.Written() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,7 +67,7 @@ func MustAllowUserComment(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {
|
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.User.IsAdmin {
|
||||||
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
|
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
|
||||||
ctx.Redirect(issue.HTMLURL())
|
ctx.Redirect(issue.HTMLURL())
|
||||||
return
|
return
|
||||||
|
@ -346,8 +346,8 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos
|
||||||
}
|
}
|
||||||
|
|
||||||
// RetrieveRepoMetas find all the meta information of a repository
|
// RetrieveRepoMetas find all the meta information of a repository
|
||||||
func RetrieveRepoMetas(ctx *context.Context, repo *models.Repository) []*models.Label {
|
func RetrieveRepoMetas(ctx *context.Context, repo *models.Repository, isPull bool) []*models.Label {
|
||||||
if !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
if !ctx.Repo.CanWriteIssuesOrPulls(isPull) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -371,7 +371,7 @@ func RetrieveRepoMetas(ctx *context.Context, repo *models.Repository) []*models.
|
||||||
ctx.Data["Branches"] = brs
|
ctx.Data["Branches"] = brs
|
||||||
|
|
||||||
// Contains true if the user can create issue dependencies
|
// Contains true if the user can create issue dependencies
|
||||||
ctx.Data["CanCreateIssueDependencies"] = ctx.Repo.CanCreateIssueDependencies(ctx.User)
|
ctx.Data["CanCreateIssueDependencies"] = ctx.Repo.CanCreateIssueDependencies(ctx.User, isPull)
|
||||||
|
|
||||||
return labels
|
return labels
|
||||||
}
|
}
|
||||||
|
@ -441,7 +441,7 @@ func NewIssue(ctx *context.Context) {
|
||||||
setTemplateIfExists(ctx, issueTemplateKey, IssueTemplateCandidates)
|
setTemplateIfExists(ctx, issueTemplateKey, IssueTemplateCandidates)
|
||||||
renderAttachmentSettings(ctx)
|
renderAttachmentSettings(ctx)
|
||||||
|
|
||||||
RetrieveRepoMetas(ctx, ctx.Repo.Repository)
|
RetrieveRepoMetas(ctx, ctx.Repo.Repository, false)
|
||||||
if ctx.Written() {
|
if ctx.Written() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -456,7 +456,7 @@ func ValidateRepoMetas(ctx *context.Context, form auth.CreateIssueForm, isPull b
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
|
||||||
labels := RetrieveRepoMetas(ctx, ctx.Repo.Repository)
|
labels := RetrieveRepoMetas(ctx, ctx.Repo.Repository, isPull)
|
||||||
if ctx.Written() {
|
if ctx.Written() {
|
||||||
return nil, nil, 0
|
return nil, nil, 0
|
||||||
}
|
}
|
||||||
|
@ -776,8 +776,16 @@ func ViewIssue(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if issue.IsPull && !ctx.Repo.CanRead(models.UnitTypeIssues) {
|
||||||
|
ctx.Data["IssueType"] = "pulls"
|
||||||
|
} else if !issue.IsPull && !ctx.Repo.CanRead(models.UnitTypePullRequests) {
|
||||||
|
ctx.Data["IssueType"] = "issues"
|
||||||
|
} else {
|
||||||
|
ctx.Data["IssueType"] = "all"
|
||||||
|
}
|
||||||
|
|
||||||
// Check if the user can use the dependencies
|
// Check if the user can use the dependencies
|
||||||
ctx.Data["CanCreateIssueDependencies"] = ctx.Repo.CanCreateIssueDependencies(ctx.User)
|
ctx.Data["CanCreateIssueDependencies"] = ctx.Repo.CanCreateIssueDependencies(ctx.User, issue.IsPull)
|
||||||
|
|
||||||
// Render comments and and fetch participants.
|
// Render comments and and fetch participants.
|
||||||
participants[0] = issue.Poster
|
participants[0] = issue.Poster
|
||||||
|
@ -963,7 +971,6 @@ func ViewIssue(ctx *context.Context) {
|
||||||
ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.User.ID)
|
ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.User.ID)
|
||||||
ctx.Data["IsIssueWriter"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
ctx.Data["IsIssueWriter"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
|
||||||
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.User.IsAdmin)
|
ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.User.IsAdmin)
|
||||||
ctx.Data["IsRepoIssuesWriter"] = ctx.IsSigned && (ctx.Repo.CanWrite(models.UnitTypeIssues) || ctx.User.IsAdmin)
|
|
||||||
ctx.Data["LockReasons"] = setting.Repository.Issue.LockReasons
|
ctx.Data["LockReasons"] = setting.Repository.Issue.LockReasons
|
||||||
ctx.HTML(200, tplIssueView)
|
ctx.HTML(200, tplIssueView)
|
||||||
}
|
}
|
||||||
|
@ -1208,7 +1215,7 @@ func NewComment(ctx *context.Context, form auth.CreateCommentForm) {
|
||||||
ctx.Error(403)
|
ctx.Error(403)
|
||||||
}
|
}
|
||||||
|
|
||||||
if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {
|
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.User.IsAdmin {
|
||||||
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
|
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
|
||||||
ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
|
ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
|
||||||
return
|
return
|
||||||
|
|
|
@ -14,14 +14,6 @@ import (
|
||||||
|
|
||||||
// AddDependency adds new dependencies
|
// AddDependency adds new dependencies
|
||||||
func AddDependency(ctx *context.Context) {
|
func AddDependency(ctx *context.Context) {
|
||||||
// Check if the Repo is allowed to have dependencies
|
|
||||||
if !ctx.Repo.CanCreateIssueDependencies(ctx.User) {
|
|
||||||
ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
depID := ctx.QueryInt64("newDependency")
|
|
||||||
|
|
||||||
issueIndex := ctx.ParamsInt64("index")
|
issueIndex := ctx.ParamsInt64("index")
|
||||||
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
|
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -29,6 +21,14 @@ func AddDependency(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the Repo is allowed to have dependencies
|
||||||
|
if !ctx.Repo.CanCreateIssueDependencies(ctx.User, issue.IsPull) {
|
||||||
|
ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
depID := ctx.QueryInt64("newDependency")
|
||||||
|
|
||||||
// Redirect
|
// Redirect
|
||||||
defer ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issueIndex), http.StatusSeeOther)
|
defer ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issueIndex), http.StatusSeeOther)
|
||||||
|
|
||||||
|
@ -68,14 +68,6 @@ func AddDependency(ctx *context.Context) {
|
||||||
|
|
||||||
// RemoveDependency removes the dependency
|
// RemoveDependency removes the dependency
|
||||||
func RemoveDependency(ctx *context.Context) {
|
func RemoveDependency(ctx *context.Context) {
|
||||||
// Check if the Repo is allowed to have dependencies
|
|
||||||
if !ctx.Repo.CanCreateIssueDependencies(ctx.User) {
|
|
||||||
ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
depID := ctx.QueryInt64("removeDependencyID")
|
|
||||||
|
|
||||||
issueIndex := ctx.ParamsInt64("index")
|
issueIndex := ctx.ParamsInt64("index")
|
||||||
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
|
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -83,8 +75,13 @@ func RemoveDependency(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect
|
// Check if the Repo is allowed to have dependencies
|
||||||
ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issueIndex), http.StatusSeeOther)
|
if !ctx.Repo.CanCreateIssueDependencies(ctx.User, issue.IsPull) {
|
||||||
|
ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
depID := ctx.QueryInt64("removeDependencyID")
|
||||||
|
|
||||||
// Dependency Type
|
// Dependency Type
|
||||||
depTypeStr := ctx.Req.PostForm.Get("dependencyType")
|
depTypeStr := ctx.Req.PostForm.Get("dependencyType")
|
||||||
|
@ -116,4 +113,7 @@ func RemoveDependency(ctx *context.Context) {
|
||||||
ctx.ServerError("RemoveIssueDependency", err)
|
ctx.ServerError("RemoveIssueDependency", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Redirect
|
||||||
|
ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issueIndex), http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
|
|
@ -532,18 +532,12 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
reqRepoReleaseReader := context.RequireRepoReader(models.UnitTypeReleases)
|
reqRepoReleaseReader := context.RequireRepoReader(models.UnitTypeReleases)
|
||||||
reqRepoWikiWriter := context.RequireRepoWriter(models.UnitTypeWiki)
|
reqRepoWikiWriter := context.RequireRepoWriter(models.UnitTypeWiki)
|
||||||
reqRepoIssueReader := context.RequireRepoReader(models.UnitTypeIssues)
|
reqRepoIssueReader := context.RequireRepoReader(models.UnitTypeIssues)
|
||||||
|
reqRepoIssueWriter := context.RequireRepoWriter(models.UnitTypeIssues)
|
||||||
reqRepoPullsWriter := context.RequireRepoWriter(models.UnitTypePullRequests)
|
reqRepoPullsWriter := context.RequireRepoWriter(models.UnitTypePullRequests)
|
||||||
reqRepoPullsReader := context.RequireRepoReader(models.UnitTypePullRequests)
|
reqRepoPullsReader := context.RequireRepoReader(models.UnitTypePullRequests)
|
||||||
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
reqRepoIssuesOrPullsWriter := context.RequireRepoWriterOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||||
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
reqRepoIssuesOrPullsReader := context.RequireRepoReaderOr(models.UnitTypeIssues, models.UnitTypePullRequests)
|
||||||
|
|
||||||
reqRepoIssueWriter := func(ctx *context.Context) {
|
|
||||||
if !ctx.Repo.CanWrite(models.UnitTypeIssues) {
|
|
||||||
ctx.Error(403)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ***** START: Organization *****
|
// ***** START: Organization *****
|
||||||
m.Group("/org", func() {
|
m.Group("/org", func() {
|
||||||
m.Group("", func() {
|
m.Group("", func() {
|
||||||
|
|
|
@ -78,7 +78,7 @@
|
||||||
{{ template "repo/issue/view_content/pull". }}
|
{{ template "repo/issue/view_content/pull". }}
|
||||||
{{end}}
|
{{end}}
|
||||||
{{if .IsSigned}}
|
{{if .IsSigned}}
|
||||||
{{ if and (or .IsRepoAdmin .IsRepoIssuesWriter (or (not .Issue.IsLocked))) (not .Repository.IsArchived) }}
|
{{ if and (or .IsRepoAdmin .IsIssuesWriter (or (not .Issue.IsLocked))) (not .Repository.IsArchived) }}
|
||||||
<div class="comment form">
|
<div class="comment form">
|
||||||
<a class="avatar" href="{{.SignedUser.HomeLink}}">
|
<a class="avatar" href="{{.SignedUser.HomeLink}}">
|
||||||
<img src="{{.SignedUser.RelAvatarLink}}">
|
<img src="{{.SignedUser.RelAvatarLink}}">
|
||||||
|
|
|
@ -426,6 +426,7 @@
|
||||||
<input type="hidden" id="repolink" value="{{$.RepoRelPath}}">
|
<input type="hidden" id="repolink" value="{{$.RepoRelPath}}">
|
||||||
<!-- I know, there is probably a better way to do this -->
|
<!-- I know, there is probably a better way to do this -->
|
||||||
<input type="hidden" id="issueIndex" value="{{.Issue.Index}}"/>
|
<input type="hidden" id="issueIndex" value="{{.Issue.Index}}"/>
|
||||||
|
<input type="hidden" id="type" value="{{.IssueType}}">
|
||||||
|
|
||||||
<div class="ui basic modal remove-dependency">
|
<div class="ui basic modal remove-dependency">
|
||||||
<div class="ui icon header">
|
<div class="ui icon header">
|
||||||
|
|
|
@ -2777,6 +2777,12 @@
|
||||||
"description": "search string",
|
"description": "search string",
|
||||||
"name": "q",
|
"name": "q",
|
||||||
"in": "query"
|
"in": "query"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"description": "filter by type (issues / pulls) if set",
|
||||||
|
"name": "type",
|
||||||
|
"in": "query"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"responses": {
|
"responses": {
|
||||||
|
|
Reference in a new issue