forked from gitea/gitea
1
0
Fork 0
gitea/models/fixtures
zeripath 0b4a8be26b
Ensure that restricted users can access repos for which they are members (#17460)
There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 10:54:40 +08:00
..
access.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
access_token.yml Hash App token (#6724) 2019-05-04 11:45:34 -04:00
action.yml Fix heatmap activity (#15252) 2021-06-25 12:59:25 -04:00
attachment.yml Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
collaboration.yml Fix "access" fixtures and tests (#10247) 2020-02-15 12:29:06 +08:00
comment.yml [API] Add "before" query to ListIssueComments and ListRepoIssue… (#9685) 2020-01-13 17:02:24 +01:00
commit_status.yml Status-API (#1332) 2017-04-21 19:32:31 +08:00
commit_status_index.yml Fix commit status index problem (#17061) 2021-09-23 18:50:06 +08:00
deleted_branch.yml Add deleted_branch table fixture (#2832) 2017-11-04 15:31:59 +02:00
deploy_key.yml Writable deploy keys (closes #671) (#3225) 2018-01-07 00:55:53 +02:00
email_address.yml Always store primary email address into email_address table and also the state (#15956) 2021-06-08 11:52:51 +08:00
follow.yml Fix and test for delete user (#1713) 2017-05-20 16:48:22 +08:00
gpg_key.yml Add missing fixture to clean gpg_key table (#2494) 2017-09-12 13:54:45 +03:00
gpg_key_import.yml add .gpg url (match github behaviour) (#6610) 2019-04-14 12:43:56 -04:00
hook_task.yml API endpoint for testing webhook (#3550) 2018-04-29 14:21:33 +08:00
issue.yml Add filter by owner and team to issue/pulls search endpoint (#16662) 2021-08-13 22:47:25 +02:00
issue_assignees.yml [UI] IssuePage multi repo select (#8741) 2019-12-01 22:50:36 -05:00
issue_index.yml Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (#15599) 2021-06-14 10:22:55 +08:00
issue_label.yml Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
issue_user.yml [API] ListIssues add more filters (#16174) 2021-06-16 18:33:37 -04:00
issue_watch.yml Refactor Issues Subscription (#8738) 2019-11-20 22:50:54 +08:00
label.yml API: fix set milestone on PR creation (#14981) 2021-03-13 19:06:52 +01:00
login_source.yml Add LDAP integration tests (#3897) 2018-05-11 15:55:32 +08:00
milestone.yml API: fix set milestone on PR creation (#14981) 2021-03-13 19:06:52 +01:00
notice.yml Unit tests for models/admin 2017-01-09 21:49:51 +01:00
notification.yml [API] Add notification endpoint (#9488) 2020-01-09 11:56:32 +00:00
oauth2_application.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_authorization_code.yml Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
oauth2_grant.yml Fix wrong user in OpenID response (#16736) 2021-08-19 12:11:30 -04:00
org_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
project.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_board.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
project_issue.yml Kanban board (#8346) 2020-08-16 23:07:38 -04:00
protected_branch.yml Don't recreate database in integration tests (#1697) 2017-05-11 23:32:43 +08:00
public_key.yml test: command keys (#9357) 2019-12-15 08:11:31 +00:00
pull_request.yml Add review request api (#11355) 2020-10-20 14:18:25 -04:00
reaction.yml [API] Add Reactions (#9220) 2019-12-07 17:04:19 -05:00
release.yml [API] ListReleases add filter for draft and pre-releases (#16175) 2021-06-17 10:58:10 +02:00
renamed_branch.yml Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
repo_archiver.yml Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
repo_indexer_status.yml Code/repo search (#2582) 2017-10-27 09:10:54 +03:00
repo_redirect.yml Unit tests for repo redirects (#961) 2017-02-17 08:55:33 +08:00
repo_topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
repo_transfer.yml Repository transfer has to be confirmed, if user can not create repo for new owner (#14792) 2021-03-01 01:47:30 +01:00
repo_unit.yml Issues overview should not show issues from archived repos (#13220) 2021-01-12 23:19:17 -05:00
repository.yml Ensure that restricted users can access repos for which they are members (#17460) 2021-10-28 10:54:40 +08:00
review.yml Add dismiss review feature (#12674) 2021-02-11 18:32:25 +01:00
star.yml Unit tests for models/star (#752) 2017-01-25 18:37:10 +08:00
stopwatch.yml [API] extend StopWatch (#9196) 2019-12-11 23:23:05 -05:00
team.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
team_repo.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_unit.yml Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
team_user.yml Restricted users (#6274) 2020-01-13 18:33:46 +01:00
topic.yml Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
tracked_time.yml [API] Extend times API (#9200) 2019-12-27 20:30:58 +00:00
two_factor.yml org/members: display 2FA members states + optimize sql requests (#7621) 2019-08-02 12:06:27 -04:00
u2f_registration.yml Add support for FIDO U2F (#3971) 2018-05-19 17:12:37 +03:00
user.yml Add user status filter to admin user management page (#16770) 2021-10-12 20:11:35 +02:00
user_open_id.yml Show user OpenID URIs in their profile (#1314) 2017-03-20 09:31:08 +01:00
user_redirect.yml Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
watch.yml Auto-subscribe user to repository when they commit/tag to it (#7657) 2019-11-10 09:22:19 +00:00
webhook.yml Implement webhook branch filter (#7791) 2019-09-09 08:48:21 +03:00