Fix issue label deletion with Actions tokens (#37013)
Use shared repo permission resolution for Actions task users in issue label remove and clear paths, and add a regression test for deleting issue labels with a Gitea Actions token. This fixes issue label deletion when the request is authenticated with a Gitea Actions token. Fixes #37011 The bug was that the delete path re-resolved repository permissions using the normal user permission helper, which does not handle Actions task users. As a result, `DELETE /api/v1/repos/{owner}/{repo}/issues/{index}/labels/{id}` could return `500` for Actions tokens even though label listing and label addition worked. --------- Co-authored-by: Codex <codex@openai.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
@@ -15,9 +15,9 @@ import (
|
||||
)
|
||||
|
||||
func ToActivity(ctx context.Context, ac *activities_model.Action, doer *user_model.User) *api.Activity {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, ac.Repo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, ac.Repo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", ac.RepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", ac.RepoID, err)
|
||||
p.AccessMode = perm_model.AccessModeNone
|
||||
}
|
||||
|
||||
|
||||
@@ -72,7 +72,7 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
|
||||
return nil, err
|
||||
}
|
||||
|
||||
perms, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
perms, err := access_model.GetIndividualUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -105,7 +105,7 @@ func ToBranch(ctx context.Context, repo *repo_model.Repository, branchName strin
|
||||
}
|
||||
|
||||
if user != nil {
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, repo, user)
|
||||
permission, err := access_model.GetIndividualUserRepoPermission(ctx, repo, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -200,7 +200,7 @@ func ToStopWatches(ctx context.Context, doer *user_model.User, sws []*issues_mod
|
||||
// ADD: Check user permissions
|
||||
perm, ok := permCache[repo.ID]
|
||||
if !ok {
|
||||
perm, err = access_model.GetUserRepoPermission(ctx, repo, doer)
|
||||
perm, err = access_model.GetDoerRepoPermission(ctx, repo, doer)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
@@ -234,7 +234,7 @@ func ToTrackedTimeList(ctx context.Context, doer *user_model.User, tl issues_mod
|
||||
continue
|
||||
}
|
||||
perm, err := cache.GetWithEphemeralCache(ctx, permCache, "repo-perm", t.Issue.RepoID, func(ctx context.Context, repoID int64) (access_model.Permission, error) {
|
||||
return access_model.GetUserRepoPermission(ctx, t.Issue.Repo, doer)
|
||||
return access_model.GetDoerRepoPermission(ctx, t.Issue.Repo, doer)
|
||||
})
|
||||
if err != nil {
|
||||
continue
|
||||
|
||||
@@ -25,9 +25,9 @@ func ToNotificationThread(ctx context.Context, n *activities_model.Notification)
|
||||
|
||||
// since user only get notifications when he has access to use minimal access mode
|
||||
if n.Repository != nil {
|
||||
perm, err := access_model.GetUserRepoPermission(ctx, n.Repository, n.User)
|
||||
perm, err := access_model.GetIndividualUserRepoPermission(ctx, n.Repository, n.User)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission failed: %v", err)
|
||||
log.Error("GetIndividualUserRepoPermission failed: %v", err)
|
||||
return result
|
||||
}
|
||||
if perm.HasAnyUnitAccessOrPublicAccess() { // if user has been revoked access to repo, do not show repo info
|
||||
|
||||
@@ -16,7 +16,7 @@ import (
|
||||
func ToPackage(ctx context.Context, pd *packages.PackageDescriptor, doer *user_model.User) (*api.Package, error) {
|
||||
var repo *api.Repository
|
||||
if pd.Repository != nil {
|
||||
permission, err := access_model.GetUserRepoPermission(ctx, pd.Repository, doer)
|
||||
permission, err := access_model.GetDoerRepoPermission(ctx, pd.Repository, doer)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -63,11 +63,11 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
|
||||
|
||||
repoUserPerm, err := cache.GetWithContextCache(ctx, cachegroup.RepoUserPermission, fmt.Sprintf("%d-%d", pr.BaseRepoID, doerID),
|
||||
func(ctx context.Context, _ string) (access_model.Permission, error) {
|
||||
return access_model.GetUserRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
return access_model.GetDoerRepoPermission(ctx, pr.BaseRepo, doer)
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.BaseRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.BaseRepoID, err)
|
||||
repoUserPerm.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -181,9 +181,9 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
|
||||
}
|
||||
|
||||
if pr.HeadRepo != nil && pr.Flow == issues_model.PullRequestFlowGithub {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -334,9 +334,9 @@ func ToAPIPullRequests(ctx context.Context, baseRepo *repo_model.Repository, prs
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
|
||||
baseRepoPerm, err := access_model.GetUserRepoPermission(ctx, baseRepo, doer)
|
||||
baseRepoPerm, err := access_model.GetDoerRepoPermission(ctx, baseRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", baseRepo.ID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", baseRepo.ID, err)
|
||||
baseRepoPerm.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
|
||||
@@ -435,9 +435,9 @@ func ToAPIPullRequests(ctx context.Context, baseRepo *repo_model.Repository, prs
|
||||
apiPullRequest.Head.Ref = pr.HeadBranch
|
||||
}
|
||||
if pr.HeadRepoID != pr.BaseRepoID {
|
||||
p, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
p, err := access_model.GetDoerRepoPermission(ctx, pr.HeadRepo, doer)
|
||||
if err != nil {
|
||||
log.Error("GetUserRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
log.Error("GetDoerRepoPermission[%d]: %v", pr.HeadRepoID, err)
|
||||
p.AccessMode = perm.AccessModeNone
|
||||
}
|
||||
apiPullRequest.Head.Repository = ToRepo(ctx, pr.HeadRepo, p)
|
||||
|
||||
Reference in New Issue
Block a user