forked from gitea/gitea
1
0
Fork 0
gitea/models/fixtures
zeripath ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
..
access.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
access_token.yml Hash App token (#6724) 2019-05-04 11:45:34 -04:00
action.yml Fix heatmap activity (#15252) 2021-06-25 12:59:25 -04:00
attachment.yml Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
collaboration.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
comment.yml [API] Add "before" query to ListIssueComments and ListRepoIssue… (#9685) 2020-01-13 17:02:24 +01:00
commit_status.yml Status-API (#1332) 2017-04-21 19:32:31 +08:00
deleted_branch.yml Add deleted_branch table fixture (#2832) 2017-11-04 15:31:59 +02:00
deploy_key.yml Writable deploy keys (closes #671) (#3225) 2018-01-07 00:55:53 +02:00
email_address.yml Always store primary email address into email_address table and also the state (#15956) 2021-06-08 11:52:51 +08:00
follow.yml Fix and test for delete user (#1713) 2017-05-20 16:48:22 +08:00
gpg_key.yml Add missing fixture to clean gpg_key table (#2494) 2017-09-12 13:54:45 +03:00
gpg_key_import.yml add .gpg url (match github behaviour) (#6610) 2019-04-14 12:43:56 -04:00
hook_task.yml API endpoint for testing webhook (#3550) 2018-04-29 14:21:33 +08:00
issue.yml Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_assignees.yml [UI] IssuePage multi repo select (#8741) 2019-12-01 22:50:36 -05:00
issue_index.yml Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_user.yml [API] ListIssues add more filters (#16174) 2021-06-16 18:33:37 -04:00
issue_watch.yml Refactor Issues Subscription (#8738) 2019-11-20 22:50:54 +08:00
label.yml API: fix set milestone on PR creation (#14981) 2021-03-13 19:06:52 +01:00
login_source.yml Add LDAP integration tests (#3897) 2018-05-11 15:55:32 +08:00
milestone.yml API: fix set milestone on PR creation (#14981) 2021-03-13 19:06:52 +01:00
notice.yml Unit tests for models/admin 2017-01-09 21:49:51 +01:00
notification.yml [API] Add notification endpoint (#9488) 2020-01-09 11:56:32 +00:00
oauth2_application.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_authorization_code.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_grant.yml Fix wrong user in OpenID response (#16736) (#16741) 2021-08-20 00:26:44 +03:00
org_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
project.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_board.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_issue.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
protected_branch.yml Don't recreate database in integration tests (#1697) 2017-05-11 23:32:43 +08:00
public_key.yml test: command keys (#9357) 2019-12-15 08:11:31 +00:00
pull_request.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
reaction.yml [API] Add Reactions (#9220) 2019-12-07 17:04:19 -05:00
release.yml [API] ListReleases add filter for draft and pre-releases (#16175) 2021-06-17 10:58:10 +02:00
repo_archiver.yml Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
repo_indexer_status.yml Code/repo search (#2582) 2017-10-27 09:10:54 +03:00
repo_redirect.yml Unit tests for repo redirects (#961) 2017-02-17 08:55:33 +08:00
repo_topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
repo_transfer.yml Repository transfer has to be confirmed, if user can not create repo for new owner (#14792) 2021-03-01 01:47:30 +01:00
repo_unit.yml Issues overview should not show issues from archived repos (#13220) 2021-01-12 23:19:17 -05:00
repository.yml Ensure that restricted users can access repos for which they are members (#17460) (#17464) 2021-10-28 11:33:18 +08:00
review.yml Add dismiss review feature (#12674) 2021-02-11 18:32:25 +01:00
star.yml Unit tests for models/star (#752) 2017-01-25 18:37:10 +08:00
stopwatch.yml [API] extend StopWatch (#9196) 2019-12-11 23:23:05 -05:00
team.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
team_repo.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_unit.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
tracked_time.yml [API] Extend times API (#9200) 2019-12-27 20:30:58 +00:00
two_factor.yml org/members: display 2FA members states + optimize sql requests (#7621) 2019-08-02 12:06:27 -04:00
u2f_registration.yml Add support for FIDO U2F (#3971) 2018-05-19 17:12:37 +03:00
user.yml Add Visible modes function from Organisation to Users too (#16069) 2021-06-26 20:53:14 +01:00
user_open_id.yml Show user OpenID URIs in their profile (#1314) 2017-03-20 09:31:08 +01:00
user_redirect.yml Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
watch.yml Auto-subscribe user to repository when they commit/tag to it (#7657) 2019-11-10 09:22:19 +00:00
webhook.yml Implement webhook branch filter (#7791) 2019-09-09 08:48:21 +03:00