Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commits should consider user permissions when creating comments on referenced issues #8259

Closed
guillep2k opened this issue Sep 22, 2019 · 0 comments · Fixed by #8261
Closed

Commits should consider user permissions when creating comments on referenced issues #8259

guillep2k opened this issue Sep 22, 2019 · 0 comments · Fixed by #8261
Labels
type/bug

Comments

@guillep2k
Copy link
Member

  • Gitea version (or commit ref): 1.9.3

Description

Currently UpdateIssuesCommit() creates a cross-reference comment on another repository even if the user has no permission whatsoever on it.

gitea/models/action.go

Lines 572 to 600 in 63ff616

for _, m := range issueReferenceKeywordsPat.FindAllStringSubmatch(c.Message, -1) {
if len(m[3]) == 0 {
continue
}
ref := m[3]
// issue is from another repo
if len(m[1]) > 0 && len(m[2]) > 0 {
refRepo, err = GetRepositoryFromMatch(m[1], m[2])
if err != nil {
continue
}
} else {
refRepo = repo
}
issue, err := getIssueFromRef(refRepo, ref)
if err != nil {
return err
}
if issue == nil || refMarked[issue.ID] {
continue
}
refMarked[issue.ID] = true
message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, html.EscapeString(c.Message))
if err = CreateRefComment(doer, refRepo, issue, message, c.Sha1); err != nil {
return err
}

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
2 participants
@lunny @guillep2k