mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-26 01:40:36 +00:00
Fix users cannot visit issue attachment bug (#25019)
Caused by #24362 Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
parent
48bfea6705
commit
5d23c885ed
2 changed files with 3 additions and 5 deletions
|
@ -110,11 +110,6 @@ func ServeAttachment(ctx *context.Context, uuid string) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
} else { // If we have the repository we check access
|
} else { // If we have the repository we check access
|
||||||
context.CheckRepoScopedToken(ctx, repository)
|
|
||||||
if ctx.Written() {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
|
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
|
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
|
||||||
|
|
|
@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) {
|
||||||
// Validate that attachment is available
|
// Validate that attachment is available
|
||||||
req = NewRequest(t, "GET", "/attachments/"+uuid)
|
req = NewRequest(t, "GET", "/attachments/"+uuid)
|
||||||
session.MakeRequest(t, req, http.StatusOK)
|
session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
|
||||||
|
// anonymous visit should be allowed because user2/repo1 is a public repository
|
||||||
|
MakeRequest(t, req, http.StatusOK)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetAttachment(t *testing.T) {
|
func TestGetAttachment(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue