From 73ae6b21d1b993e9936224b79b0bc743dbf382fc Mon Sep 17 00:00:00 2001 From: Giteabot Date: Thu, 1 Jun 2023 13:22:26 -0400 Subject: [PATCH] Fix users cannot visit issue attachment bug (#25019) (#25027) Backport #25019 by @lunny Caused by #24362 Co-authored-by: Lunny Xiao Co-authored-by: John Olheiser --- routers/web/repo/attachment.go | 5 ----- tests/integration/attachment_test.go | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go index 1cf50627a9..c6d8828fac 100644 --- a/routers/web/repo/attachment.go +++ b/routers/web/repo/attachment.go @@ -110,11 +110,6 @@ func GetAttachment(ctx *context.Context) { return } } else { // If we have the repository we check access - context.CheckRepoScopedToken(ctx, repository) - if ctx.Written() { - return - } - perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go index a92814ecee..ff62726487 100644 --- a/tests/integration/attachment_test.go +++ b/tests/integration/attachment_test.go @@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) { // Validate that attachment is available req = NewRequest(t, "GET", "/attachments/"+uuid) session.MakeRequest(t, req, http.StatusOK) + + // anonymous visit should be allowed because user2/repo1 is a public repository + MakeRequest(t, req, http.StatusOK) } func TestGetAttachment(t *testing.T) {