Move /info
outside authorization (#19888)
- To use the web's API to get information about a issue/pull on a repository, doesn't require authorization(nor that the repository isn't archived). - Regressed by: #19318 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
12c742f8dc
commit
744e452185
2 changed files with 20 additions and 1 deletions
|
@ -1799,6 +1799,21 @@ func GetIssueInfo(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if issue.IsPull {
|
||||||
|
// Need to check if Pulls are enabled and we can read Pulls
|
||||||
|
if !ctx.Repo.Repository.CanEnablePulls() || !ctx.Repo.CanRead(unit.TypePullRequests) {
|
||||||
|
ctx.Error(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Need to check if Issues are enabled and we can read Issues
|
||||||
|
if !ctx.Repo.CanRead(unit.TypeIssues) {
|
||||||
|
ctx.Error(http.StatusNotFound)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
ctx.JSON(http.StatusOK, convert.ToAPIIssue(issue))
|
ctx.JSON(http.StatusOK, convert.ToAPIIssue(issue))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -835,6 +835,11 @@ func RegisterRoutes(m *web.Route) {
|
||||||
m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
|
m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
|
||||||
Get(ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
|
Get(ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
|
||||||
Post(reqSignIn, context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, bindIgnErr(forms.CreateIssueForm{}), repo.SetWhitespaceBehavior, repo.CompareAndPullRequestPost)
|
Post(reqSignIn, context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, bindIgnErr(forms.CreateIssueForm{}), repo.SetWhitespaceBehavior, repo.CompareAndPullRequestPost)
|
||||||
|
m.Group("/{type:issues|pulls}", func() {
|
||||||
|
m.Group("/{index}", func() {
|
||||||
|
m.Get("/info", repo.GetIssueInfo)
|
||||||
|
})
|
||||||
|
})
|
||||||
}, context.RepoAssignment, context.UnitTypes())
|
}, context.RepoAssignment, context.UnitTypes())
|
||||||
|
|
||||||
// Grouping for those endpoints that do require authentication
|
// Grouping for those endpoints that do require authentication
|
||||||
|
@ -851,7 +856,6 @@ func RegisterRoutes(m *web.Route) {
|
||||||
// So they can apply their own enable/disable logic on routers.
|
// So they can apply their own enable/disable logic on routers.
|
||||||
m.Group("/{type:issues|pulls}", func() {
|
m.Group("/{type:issues|pulls}", func() {
|
||||||
m.Group("/{index}", func() {
|
m.Group("/{index}", func() {
|
||||||
m.Get("/info", repo.GetIssueInfo)
|
|
||||||
m.Post("/title", repo.UpdateIssueTitle)
|
m.Post("/title", repo.UpdateIssueTitle)
|
||||||
m.Post("/content", repo.UpdateIssueContent)
|
m.Post("/content", repo.UpdateIssueContent)
|
||||||
m.Post("/deadline", bindIgnErr(structs.EditDeadlineOption{}), repo.UpdateIssueDeadline)
|
m.Post("/deadline", bindIgnErr(structs.EditDeadlineOption{}), repo.UpdateIssueDeadline)
|
||||||
|
|
Loading…
Reference in a new issue