Fix issue label deletion with Actions tokens (#37013)
Use shared repo permission resolution for Actions task users in issue label remove and clear paths, and add a regression test for deleting issue labels with a Gitea Actions token. This fixes issue label deletion when the request is authenticated with a Gitea Actions token. Fixes #37011 The bug was that the delete path re-resolved repository permissions using the normal user permission helper, which does not handle Actions task users. As a result, `DELETE /api/v1/repos/{owner}/{repo}/issues/{index}/labels/{id}` could return `500` for Actions tokens even though label listing and label addition worked. --------- Co-authored-by: Codex <codex@openai.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
@@ -57,7 +57,7 @@ func roleDescriptor(ctx *context.Context, repo *repo_model.Repository, poster *u
|
||||
// Guess the role of the poster in the repo by permission
|
||||
perm, hasPermCache := permsCache[poster.ID]
|
||||
if !hasPermCache {
|
||||
perm, err = access_model.GetUserRepoPermission(ctx, repo, poster)
|
||||
perm, err = access_model.GetIndividualUserRepoPermission(ctx, repo, poster)
|
||||
if err != nil {
|
||||
return roleDesc, err
|
||||
}
|
||||
@@ -145,9 +145,9 @@ func checkBlockedByIssues(ctx *context.Context, blockers []*issues_model.Depende
|
||||
perm = existPerm
|
||||
} else {
|
||||
var err error
|
||||
perm, err = access_model.GetUserRepoPermission(ctx, &blocker.Repository, ctx.Doer)
|
||||
perm, err = access_model.GetDoerRepoPermission(ctx, &blocker.Repository, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
ctx.ServerError("GetDoerRepoPermission", err)
|
||||
return nil, nil
|
||||
}
|
||||
repoPerms[blocker.RepoID] = perm
|
||||
@@ -192,7 +192,7 @@ func filterXRefComments(ctx *context.Context, issue *issues_model.Issue) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, c.RefRepo, ctx.Doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, c.RefRepo, ctx.Doer)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -845,9 +845,9 @@ func preparePullViewReviewAndMerge(ctx *context.Context, issue *issues_model.Iss
|
||||
if err := pull.LoadHeadRepo(ctx); err != nil {
|
||||
log.Error("LoadHeadRepo: %v", err)
|
||||
} else if pull.HeadRepo != nil {
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
ctx.ServerError("GetDoerRepoPermission", err)
|
||||
return
|
||||
}
|
||||
if perm.CanWrite(unit.TypeCode) {
|
||||
@@ -867,9 +867,9 @@ func preparePullViewReviewAndMerge(ctx *context.Context, issue *issues_model.Iss
|
||||
if err := pull.LoadBaseRepo(ctx); err != nil {
|
||||
log.Error("LoadBaseRepo: %v", err)
|
||||
}
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, pull.BaseRepo, ctx.Doer)
|
||||
perm, err := access_model.GetDoerRepoPermission(ctx, pull.BaseRepo, ctx.Doer)
|
||||
if err != nil {
|
||||
ctx.ServerError("GetUserRepoPermission", err)
|
||||
ctx.ServerError("GetDoerRepoPermission", err)
|
||||
return
|
||||
}
|
||||
if !canWriteToHeadRepo { // maintainers maybe allowed to push to head repo even if they can't write to it
|
||||
|
||||
Reference in New Issue
Block a user