Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-12-02 06:46:10 +01:00

Fix users cannot visit issue attachment bug (#25019) (#25027)

Backport #25019 by @lunny

Caused by #24362

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
This commit is contained in:
Giteabot 2023-06-01 13:22:26 -04:00 committed by GitHub
parent b83e4f295d
commit 73ae6b21d1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 5 deletions

View file

@ -110,11 +110,6 @@ func GetAttachment(ctx *context.Context) {
return return
} }
} else { // If we have the repository we check access } else { // If we have the repository we check access
context.CheckRepoScopedToken(ctx, repository)
if ctx.Written() {
return
}
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
if err != nil { if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())

View file

@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) {
// Validate that attachment is available // Validate that attachment is available
req = NewRequest(t, "GET", "/attachments/"+uuid) req = NewRequest(t, "GET", "/attachments/"+uuid)
session.MakeRequest(t, req, http.StatusOK) session.MakeRequest(t, req, http.StatusOK)
// anonymous visit should be allowed because user2/repo1 is a public repository
MakeRequest(t, req, http.StatusOK)
} }
func TestGetAttachment(t *testing.T) { func TestGetAttachment(t *testing.T) {