Fix milestone appliance and permission checks (#4271)

* Fix milestone appliance
Fix missing permission check

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix comment

* Add Gitea copyright line
tokarchuk/v1.17
Jonas Franz 6 years ago committed by Lunny Xiao
parent 3f2f5752cb
commit 467ff4d343
  1. 14
      routers/api/v1/repo/issue.go

@ -1,4 +1,5 @@
// Copyright 2016 The Gogs Authors. All rights reserved. // Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style // Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file. // license that can be found in the LICENSE file.
@ -165,7 +166,7 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
// "$ref": "#/responses/Issue" // "$ref": "#/responses/Issue"
var deadlineUnix util.TimeStamp var deadlineUnix util.TimeStamp
if form.Deadline != nil { if form.Deadline != nil && ctx.Repo.IsWriter() {
deadlineUnix = util.TimeStamp(form.Deadline.Unix()) deadlineUnix = util.TimeStamp(form.Deadline.Unix())
} }
@ -178,8 +179,11 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
DeadlineUnix: deadlineUnix, DeadlineUnix: deadlineUnix,
} }
// Get all assignee IDs var assigneeIDs = make([]int64, 0)
assigneeIDs, err := models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees) var err error
if ctx.Repo.IsWriter() {
issue.MilestoneID = form.Milestone
assigneeIDs, err = models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees)
if err != nil { if err != nil {
if models.IsErrUserNotExist(err) { if models.IsErrUserNotExist(err) {
ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err)) ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err))
@ -188,6 +192,10 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
} }
return return
} }
} else {
// setting labels is not allowed if user is not a writer
form.Labels = make([]int64, 0)
}
if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil { if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil {
if models.IsErrUserDoesNotHaveAccessToRepo(err) { if models.IsErrUserDoesNotHaveAccessToRepo(err) {

Loading…
Cancel
Save