forked from gitea/gitea
1
0
Fork 0
gitea/modules
zeripath ef12b8de80
Ensure that restricted users can access repos for which they are members (#17460) (#17464)
Backport #17460

There is a small bug in the way that repo access is checked in
repoAssignment: Accessibility is checked by checking if the user has a
marked access to the repository instead of checking if the user has any
team granted access.

This PR changes this permissions check to use HasAccess() which does the
correct test. There is also a fix in the release api ListReleases where
it should return draft releases if the user is a member of a team with
write access to the releases.

The PR also adds a testcase.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-28 11:33:18 +08:00
..
analyze Speed up `enry.IsVendor` (#15213) 2021-04-01 19:41:09 +02:00
auth Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570) 2021-07-29 18:52:38 +01:00
avatar Add Image Diff for SVG files (#14867) 2021-06-05 15:32:19 +03:00
base Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
cache Add LRU mem cache implementation (#16226) 2021-07-10 23:54:15 +02:00
charset Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
context Ensure that restricted users can access repos for which they are members (#17460) (#17464) 2021-10-28 11:33:18 +08:00
convert API pull's head/base have correct permission(#17214) (#17245) 2021-10-07 12:39:23 +03:00
cron Fix archive error when rename repo or user (#16399) 2021-07-13 14:16:31 +02:00
csv Fix CSV render error (#17406) (#17431) 2021-10-25 18:31:15 +01:00
doctor Nicely handle missing user in collaborations (#17049) (#17166) 2021-09-28 07:41:12 +01:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Hold the event source when there are no listeners (#15725) 2021-05-15 23:46:13 +02:00
generate Switch to maintained jwt lib (#16532) (#16533) 2021-07-24 11:13:50 -04:00
git Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
gitgraph Fix bug on commit graph (#15517) 2021-04-17 10:27:25 +01:00
graceful Use pointer for wrappedConn methods (#17295) (#17296) 2021-10-12 23:45:30 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Prevent panic in Org mode HighlightCodeBlock (#17140) (#17141) 2021-09-24 14:29:47 +01:00
httpcache Add ETag header (#15370) 2021-04-12 10:49:26 -04:00
httplib Second attempt at preventing zombies (#16326) 2021-07-14 10:43:13 -04:00
indexer Fix data race in bleve indexer (#16474) (#16509) 2021-07-22 11:42:32 +08:00
lfs Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
log Fix race in log (#16490) (#16505) 2021-07-21 20:19:36 +08:00
markup Fix issue markdown bugs (#17413) 2021-10-23 23:30:46 +08:00
matchlist Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
metrics Prometheus endpoint (#5256) 2018-11-04 22:20:00 -05:00
migrations Fix bug of migrate comments which only fetch one page (#17055) (#17058) 2021-09-15 14:01:54 -04:00
nosql Fix setting redis db path (#15698) 2021-05-03 13:24:24 -04:00
notification API pull's head/base have correct permission(#17214) (#17245) 2021-10-07 12:39:23 +03:00
options Add StatDir and replace com.StatDir (#14099) 2020-12-22 07:40:57 +08:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof Add golangci (#6418) 2019-06-12 15:41:28 -04:00
private Fix dump and restore respository (#16698) (#16898) 2021-08-31 10:44:14 +01:00
process Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
public Improve assets handler middleware (#15961) 2021-05-30 18:25:11 +08:00
queue Fix race in log (#16490) (#16505) 2021-07-21 20:19:36 +08:00
recaptcha Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
references Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
repofiles Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
repository Ensure that git daemon export ok is created for mirrors (#17243) (#17306) 2021-10-14 18:07:53 +02:00
secret Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
session Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
setting Disable core.protectNTFS (#17300) (#17302) 2021-10-13 23:02:45 +03:00
ssh Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH (#17281) (#17376) 2021-10-21 16:37:49 +08:00
storage Fix storage Iterate bug and Add storage doctor to delete garbage attachments (#16971) (#16977) 2021-09-07 19:39:05 +01:00
structs Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
svg Fix filepath basename on Windows for SVG bindata (#12241) 2020-07-13 21:16:40 +01:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
task Fix bug of migrated repository not index (#16991) (#16996) 2021-09-09 07:02:22 +01:00
templates Report the correct number of pushes on the feeds (#16811) (#16822) 2021-08-26 02:30:13 -04:00
test Move middlewares to web/middleware (#14480) 2021-01-30 10:55:53 +02:00
timeutil Allow mocking timeutil (#17354) (#17356) 2021-10-18 16:48:23 -05:00
translation Use index of the supported tags to choose user lang (#15452) 2021-04-14 19:52:01 +01:00
typesniffer Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
upload Update golangci-lint to version 1.31.0 (#13102) 2020-10-11 21:27:20 +01:00
uri Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244) 2020-12-27 11:34:19 +08:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Read expected buffer size (#17409) (#17430) 2021-10-25 17:46:56 +01:00
validation Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
web Restore CORS on git smart http protocol (#16496) (#16506) 2021-07-21 15:03:02 +01:00