Only view milestones from current repo (#18414)
The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
3bb028cc46
commit
9a75c2741d
4 changed files with 4 additions and 20 deletions
2
go.mod
2
go.mod
|
@ -97,7 +97,7 @@ require (
|
||||||
github.com/quasoft/websspi v1.0.0
|
github.com/quasoft/websspi v1.0.0
|
||||||
github.com/rs/xid v1.3.0 // indirect
|
github.com/rs/xid v1.3.0 // indirect
|
||||||
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
||||||
github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect
|
github.com/santhosh-tekuri/jsonschema/v5 v5.0.0
|
||||||
github.com/sergi/go-diff v1.2.0
|
github.com/sergi/go-diff v1.2.0
|
||||||
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect
|
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect
|
||||||
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
|
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
|
||||||
|
|
|
@ -134,22 +134,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
|
||||||
return &mile, nil
|
return &mile, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetMilestoneByID returns the milestone via id .
|
|
||||||
func GetMilestoneByID(id int64) (*Milestone, error) {
|
|
||||||
return getMilestoneByID(db.GetEngine(db.DefaultContext), id)
|
|
||||||
}
|
|
||||||
|
|
||||||
func getMilestoneByID(e db.Engine, id int64) (*Milestone, error) {
|
|
||||||
var m Milestone
|
|
||||||
has, err := e.ID(id).Get(&m)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
} else if !has {
|
|
||||||
return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
|
|
||||||
}
|
|
||||||
return &m, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateMilestone updates information of given milestone.
|
// UpdateMilestone updates information of given milestone.
|
||||||
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
|
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
|
||||||
ctx, committer, err := db.TxContext()
|
ctx, committer, err := db.TxContext()
|
||||||
|
|
|
@ -799,7 +799,7 @@ func NewIssue(ctx *context.Context) {
|
||||||
|
|
||||||
milestoneID := ctx.FormInt64("milestone")
|
milestoneID := ctx.FormInt64("milestone")
|
||||||
if milestoneID > 0 {
|
if milestoneID > 0 {
|
||||||
milestone, err := models.GetMilestoneByID(milestoneID)
|
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
|
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
|
||||||
} else {
|
} else {
|
||||||
|
@ -886,7 +886,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
|
||||||
// Check milestone.
|
// Check milestone.
|
||||||
milestoneID := form.MilestoneID
|
milestoneID := form.MilestoneID
|
||||||
if milestoneID > 0 {
|
if milestoneID > 0 {
|
||||||
milestone, err := models.GetMilestoneByID(milestoneID)
|
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.ServerError("GetMilestoneByID", err)
|
ctx.ServerError("GetMilestoneByID", err)
|
||||||
return nil, nil, 0, 0
|
return nil, nil, 0, 0
|
||||||
|
|
|
@ -264,7 +264,7 @@ func DeleteMilestone(ctx *context.Context) {
|
||||||
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
|
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
|
||||||
func MilestoneIssuesAndPulls(ctx *context.Context) {
|
func MilestoneIssuesAndPulls(ctx *context.Context) {
|
||||||
milestoneID := ctx.ParamsInt64(":id")
|
milestoneID := ctx.ParamsInt64(":id")
|
||||||
milestone, err := models.GetMilestoneByID(milestoneID)
|
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if models.IsErrMilestoneNotExist(err) {
|
if models.IsErrMilestoneNotExist(err) {
|
||||||
ctx.NotFound("GetMilestoneByID", err)
|
ctx.NotFound("GetMilestoneByID", err)
|
||||||
|
|
Loading…
Reference in a new issue