forked from gitea/gitea
1
0
Fork 0

fixed vulnerabilities labels (#409)

This commit is contained in:
Lunny Xiao 2016-12-17 19:49:17 +08:00 committed by GitHub
parent 44428fdc38
commit 7c46667e71
1 changed files with 28 additions and 1 deletions

View File

@ -87,13 +87,20 @@ func (issue *Issue) AfterSet(colName string, _ xorm.Cell) {
}
}
func (issue *Issue) loadAttributes(e Engine) (err error) {
func (issue *Issue) loadRepo(e Engine) (err error) {
if issue.Repo == nil {
issue.Repo, err = getRepositoryByID(e, issue.RepoID)
if err != nil {
return fmt.Errorf("getRepositoryByID [%d]: %v", issue.RepoID, err)
}
}
return nil
}
func (issue *Issue) loadAttributes(e Engine) (err error) {
if err := issue.loadRepo(e); err != nil {
return err
}
if issue.Poster == nil {
issue.Poster, err = getUserByID(e, issue.PosterID)
@ -322,6 +329,16 @@ func (issue *Issue) removeLabel(e *xorm.Session, label *Label) error {
// RemoveLabel removes a label from issue by given ID.
func (issue *Issue) RemoveLabel(doer *User, label *Label) error {
if err := issue.loadRepo(x); err != nil {
return err
}
if has, err := HasAccess(doer, issue.Repo, AccessModeWrite); err != nil {
return err
} else if !has {
return ErrLabelNotExist{}
}
if err := DeleteIssueLabel(issue, label); err != nil {
return err
}
@ -353,6 +370,16 @@ func (issue *Issue) ClearLabels(doer *User) (err error) {
return err
}
if err := issue.loadRepo(sess); err != nil {
return err
}
if has, err := hasAccess(sess, doer, issue.Repo, AccessModeWrite); err != nil {
return err
} else if !has {
return ErrLabelNotExist{}
}
if err = issue.clearLabels(sess); err != nil {
return err
}