mirror of https://github.com/go-gitea/gitea.git
Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance Fix missing permission check Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix comment * Add Gitea copyright line
This commit is contained in:
parent
3f2f5752cb
commit
467ff4d343
|
@ -1,4 +1,5 @@
|
||||||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
// Copyright 2016 The Gogs Authors. All rights reserved.
|
||||||
|
// Copyright 2018 The Gitea Authors. All rights reserved.
|
||||||
// Use of this source code is governed by a MIT-style
|
// Use of this source code is governed by a MIT-style
|
||||||
// license that can be found in the LICENSE file.
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
@ -165,7 +166,7 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
|
||||||
// "$ref": "#/responses/Issue"
|
// "$ref": "#/responses/Issue"
|
||||||
|
|
||||||
var deadlineUnix util.TimeStamp
|
var deadlineUnix util.TimeStamp
|
||||||
if form.Deadline != nil {
|
if form.Deadline != nil && ctx.Repo.IsWriter() {
|
||||||
deadlineUnix = util.TimeStamp(form.Deadline.Unix())
|
deadlineUnix = util.TimeStamp(form.Deadline.Unix())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -178,8 +179,11 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
|
||||||
DeadlineUnix: deadlineUnix,
|
DeadlineUnix: deadlineUnix,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get all assignee IDs
|
var assigneeIDs = make([]int64, 0)
|
||||||
assigneeIDs, err := models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees)
|
var err error
|
||||||
|
if ctx.Repo.IsWriter() {
|
||||||
|
issue.MilestoneID = form.Milestone
|
||||||
|
assigneeIDs, err = models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if models.IsErrUserNotExist(err) {
|
if models.IsErrUserNotExist(err) {
|
||||||
ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err))
|
ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err))
|
||||||
|
@ -188,6 +192,10 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// setting labels is not allowed if user is not a writer
|
||||||
|
form.Labels = make([]int64, 0)
|
||||||
|
}
|
||||||
|
|
||||||
if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil {
|
if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil {
|
||||||
if models.IsErrUserDoesNotHaveAccessToRepo(err) {
|
if models.IsErrUserDoesNotHaveAccessToRepo(err) {
|
||||||
|
|
Loading…
Reference in New Issue