Skip to content

Commit 9d9ad1b

Browse files
zeripathzeripath
authored
Only view milestones from current repo (#18414) (#18418)
Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
1 parent df57524 commit 9d9ad1b

File tree

3 files changed

+15
-34
lines changed

3 files changed

+15
-34
lines changed

models/issue_milestone.go

-16
Original file line numberDiff line numberDiff line change
@@ -127,22 +127,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
127127
return &mile, nil
128128
}
129129

130-
// GetMilestoneByID returns the milestone via id .
131-
func GetMilestoneByID(id int64) (*Milestone, error) {
132-
return getMilestoneByID(x, id)
133-
}
134-
135-
func getMilestoneByID(e Engine, id int64) (*Milestone, error) {
136-
var m Milestone
137-
has, err := e.ID(id).Get(&m)
138-
if err != nil {
139-
return nil, err
140-
} else if !has {
141-
return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
142-
}
143-
return &m, nil
144-
}
145-
146130
// UpdateMilestone updates information of given milestone.
147131
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
148132
sess := x.NewSession()

routers/web/repo/issue.go

+14-17
Original file line numberDiff line numberDiff line change
@@ -51,17 +51,15 @@ const (
5151
issueTemplateTitleKey = "IssueTemplateTitle"
5252
)
5353

54-
var (
55-
// IssueTemplateCandidates issue templates
56-
IssueTemplateCandidates = []string{
57-
"ISSUE_TEMPLATE.md",
58-
"issue_template.md",
59-
".gitea/ISSUE_TEMPLATE.md",
60-
".gitea/issue_template.md",
61-
".github/ISSUE_TEMPLATE.md",
62-
".github/issue_template.md",
63-
}
64-
)
54+
// IssueTemplateCandidates issue templates
55+
var IssueTemplateCandidates = []string{
56+
"ISSUE_TEMPLATE.md",
57+
"issue_template.md",
58+
".gitea/ISSUE_TEMPLATE.md",
59+
".gitea/issue_template.md",
60+
".github/ISSUE_TEMPLATE.md",
61+
".github/issue_template.md",
62+
}
6563

6664
// MustAllowUserComment checks to make sure if an issue is locked.
6765
// If locked and user has permissions to write to the repository,
@@ -239,7 +237,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
239237
}
240238
}
241239

242-
var issueList = models.IssueList(issues)
240+
issueList := models.IssueList(issues)
243241
approvalCounts, err := issueList.GetApprovalCounts()
244242
if err != nil {
245243
ctx.ServerError("ApprovalCounts", err)
@@ -422,7 +420,6 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos
422420
}
423421

424422
func retrieveProjects(ctx *context.Context, repo *models.Repository) {
425-
426423
var err error
427424

428425
ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{
@@ -781,7 +778,7 @@ func NewIssue(ctx *context.Context) {
781778

782779
milestoneID := ctx.QueryInt64("milestone")
783780
if milestoneID > 0 {
784-
milestone, err := models.GetMilestoneByID(milestoneID)
781+
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
785782
if err != nil {
786783
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
787784
} else {
@@ -865,7 +862,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
865862
// Check milestone.
866863
milestoneID := form.MilestoneID
867864
if milestoneID > 0 {
868-
ctx.Data["Milestone"], err = repo.GetMilestoneByID(milestoneID)
865+
ctx.Data["Milestone"], err = models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
869866
if err != nil {
870867
ctx.ServerError("GetMilestoneByID", err)
871868
return nil, nil, 0, 0
@@ -2446,7 +2443,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
24462443
// GetIssueAttachments returns attachments for the issue
24472444
func GetIssueAttachments(ctx *context.Context) {
24482445
issue := GetActionIssue(ctx)
2449-
var attachments = make([]*api.Attachment, len(issue.Attachments))
2446+
attachments := make([]*api.Attachment, len(issue.Attachments))
24502447
for i := 0; i < len(issue.Attachments); i++ {
24512448
attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
24522449
}
@@ -2460,7 +2457,7 @@ func GetCommentAttachments(ctx *context.Context) {
24602457
ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
24612458
return
24622459
}
2463-
var attachments = make([]*api.Attachment, 0)
2460+
attachments := make([]*api.Attachment, 0)
24642461
if comment.Type == models.CommentTypeComment {
24652462
if err := comment.LoadAttachments(); err != nil {
24662463
ctx.ServerError("LoadAttachments", err)

routers/web/repo/milestone.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -268,7 +268,7 @@ func DeleteMilestone(ctx *context.Context) {
268268
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
269269
func MilestoneIssuesAndPulls(ctx *context.Context) {
270270
milestoneID := ctx.ParamsInt64(":id")
271-
milestone, err := models.GetMilestoneByID(milestoneID)
271+
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
272272
if err != nil {
273273
if models.IsErrMilestoneNotExist(err) {
274274
ctx.NotFound("GetMilestoneByID", err)

0 commit comments

Comments
 (0)