diff --git a/models/issues/issue_project.go b/models/issues/issue_project.go index 616bcc753e646..7db08bdcfe731 100644 --- a/models/issues/issue_project.go +++ b/models/issues/issue_project.go @@ -113,7 +113,7 @@ func IssueAssignOrRemoveProject(ctx context.Context, issue *Issue, doer *user_mo } newColumnID = newDefaultColumn.ID } - if !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo.ID) { + if !newProject.CanBeAccessedByOwnerRepo(issue.Repo.OwnerID, issue.Repo) { return util.NewPermissionDeniedErrorf("issue %d can't be accessed by project %d", issue.ID, newProject.ID) } } @@ -145,7 +145,7 @@ func IssueAssignOrRemoveProject(ctx context.Context, issue *Issue, doer *user_mo MaxSorting int64 IssueCount int64 }{} - if _, err := db.GetEngine(ctx).Select("max(sorting) as MaxSorting, count(*) as IssueCount").Table("project_issue"). + if _, err := db.GetEngine(ctx).Select("max(sorting) as max_sorting, count(*) as issue_count").Table("project_issue"). Where("project_id=?", newProjectID). And("project_board_id=?", newColumnID). Get(&res); err != nil { diff --git a/models/project/board.go b/models/project/board.go index 7cddd823d281d..f0299b31100bf 100644 --- a/models/project/board.go +++ b/models/project/board.go @@ -176,7 +176,7 @@ func NewBoard(ctx context.Context, board *Board) error { MaxSorting int64 ColumnCount int64 }{} - if _, err := db.GetEngine(ctx).Select("max(sorting) as MaxSorting, count(*) as ColumnCount").Table("project_board"). + if _, err := db.GetEngine(ctx).Select("max(sorting) as max_sorting, count(*) as column_count").Table("project_board"). Where("project_id=?", board.ProjectID).Get(&res); err != nil { return err } diff --git a/models/project/board_test.go b/models/project/board_test.go index 758611a4c34ac..da922ff7adaaa 100644 --- a/models/project/board_test.go +++ b/models/project/board_test.go @@ -84,9 +84,9 @@ func Test_MoveColumnsOnProject(t *testing.T) { columns, err := project1.GetBoards(db.DefaultContext) assert.NoError(t, err) assert.Len(t, columns, 3) - assert.EqualValues(t, 0, columns[0].Sorting) - assert.EqualValues(t, 1, columns[1].Sorting) - assert.EqualValues(t, 2, columns[2].Sorting) + assert.EqualValues(t, 0, columns[0].Sorting) // even if there is no default sorting, the code should also work + assert.EqualValues(t, 0, columns[1].Sorting) + assert.EqualValues(t, 0, columns[2].Sorting) err = MoveColumnsOnProject(db.DefaultContext, project1, map[int64]int64{ 0: columns[1].ID, @@ -97,7 +97,7 @@ func Test_MoveColumnsOnProject(t *testing.T) { columnsAfter, err := project1.GetBoards(db.DefaultContext) assert.NoError(t, err) - assert.Len(t, columns, 3) + assert.Len(t, columnsAfter, 3) assert.EqualValues(t, columns[1].ID, columnsAfter[0].ID) assert.EqualValues(t, columns[2].ID, columnsAfter[1].ID) assert.EqualValues(t, columns[0].ID, columnsAfter[2].ID) diff --git a/models/project/project.go b/models/project/project.go index a1cdf56eff5c4..8be38694c5223 100644 --- a/models/project/project.go +++ b/models/project/project.go @@ -161,9 +161,9 @@ func (p *Project) IsRepositoryProject() bool { return p.Type == TypeRepository } -func (p *Project) CanBeAccessedByOwnerRepo(ownerID, repoID int64) bool { +func (p *Project) CanBeAccessedByOwnerRepo(ownerID int64, repo *repo_model.Repository) bool { if p.Type == TypeRepository { - return p.RepoID == repoID // if a project belongs to a repository, then its OwnerID is 0 and can be ignored + return repo != nil && p.RepoID == repo.ID // if a project belongs to a repository, then its OwnerID is 0 and can be ignored } return p.OwnerID == ownerID && p.RepoID == 0 } diff --git a/routers/web/shared/project/column.go b/routers/web/shared/project/column.go index f20f8b3b19a66..599842ea9e9bc 100644 --- a/routers/web/shared/project/column.go +++ b/routers/web/shared/project/column.go @@ -16,12 +16,8 @@ func MoveColumns(ctx *context.Context) { ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err) return } - if project.OwnerID > 0 && project.OwnerID != ctx.ContextUser.ID { - ctx.NotFound("InvalidOwnerID", nil) - return - } - if project.RepoID > 0 && project.RepoID != ctx.Repo.Repository.ID { - ctx.NotFound("InvalidRepoID", nil) + if !project.CanBeAccessedByOwnerRepo(ctx.ContextUser.ID, ctx.Repo.Repository) { + ctx.NotFound("CanBeAccessedByOwnerRepo", nil) return }