Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix comment permissions #28213

Merged
merged 20 commits into from
Nov 25, 2023
Merged

Fix comment permissions #28213

merged 20 commits into from
Nov 25, 2023

Conversation

lunny
Copy link
Member

@lunny lunny commented Nov 25, 2023
edited
Loading

This PR will fix some missed checks for private repositories' data on web routes and API routes.

@lunny lunny added type/bug backport/v1.20 This PR should be backported to Gitea 1.20 backport/v1.21 This PR should be backported to Gitea 1.21 labels Nov 25, 2023
@lunny lunny added this to the 1.22.0 milestone Nov 25, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 25, 2023
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 25, 2023
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Nov 25, 2023
@delvh
Copy link
Member

delvh commented Nov 25, 2023

We can also think of including the changes in the three subsequent files starting at https://github.com/go-gitea/gitea/pull/28212/files#diff-48b3002b3f2195c08566ae3ab77c489ef4d6c07b7be4a734b7071d6533e11066 as well.

delvh
delvh approved these changes Nov 25, 2023
View reviewed changes
Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevertheless, LGTM

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 25, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 25, 2023
@lafriks lafriks enabled auto-merge (squash) November 25, 2023 12:39
@lafriks
Copy link
Member

lafriks commented Nov 25, 2023

Test failure related to changes in test cases

@pull-request-size pull-request-size bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 25, 2023
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Nov 25, 2023
@lunny lunny enabled auto-merge (squash) November 25, 2023 17:15
@lunny lunny merged commit 882e502 into go-gitea:main Nov 25, 2023
25 checks passed
@GiteaBot
Copy link
Contributor

I was unable to create a backport for 1.20. @lunny, please send one manually. 🍵

go run ./contrib/backport 28213
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Nov 25, 2023
@GiteaBot
Copy link
Contributor

I was unable to create a backport for 1.21. @lunny, please send one manually. 🍵

go run ./contrib/backport 28213
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Nov 25, 2023
This was referenced Nov 25, 2023
Closed
Closed
@lunny lunny deleted the lunny/fix_comment_permissions branch November 25, 2023 17:22
lunny added a commit to lunny/gitea that referenced this pull request Nov 25, 2023
@lunny
Fix comment permissions (go-gitea#28213)
3fde94d 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
@lunny lunny mentioned this pull request Nov 25, 2023
Merged
lunny added a commit to lunny/gitea that referenced this pull request Nov 25, 2023
@lunny
Fix comment permissions (go-gitea#28213)
0d6cb84 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
@lunny lunny mentioned this pull request Nov 25, 2023
Merged
@lunny lunny added the backport/done All backports for this PR have been created label Nov 25, 2023
lafriks pushed a commit that referenced this pull request Nov 25, 2023
@lunny
Fix comment permissions (#28213) (#28217)
dfd511f 
backport #28213 

This PR will fix some missed checks for private repositories' data on
web routes and API routes.
lafriks pushed a commit that referenced this pull request Nov 25, 2023
@lunny
Fix comment permissions (#28213) (#28216)
bc3d8bf 
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.
@lunny lunny added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Nov 26, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Nov 27, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
b5c792f 
* giteaofficial/main:
  Fix actions when tagging (go-gitea#28061)
  Fix comment permissions (go-gitea#28213)
  Docs: Replace deprecated IS_TLS_ENABLED mailer setting in email setup (go-gitea#28205)
  Fix delete-orphaned-repos (go-gitea#28200)
  Refactor graceful manager to use shared code (go-gitea#28073)
  Fix some incorrect links in docs (go-gitea#28191)
  Remove workaround in disk-clean.yml (go-gitea#28195)
fuxiaohei pushed a commit to fuxiaohei/gitea that referenced this pull request Jan 17, 2024
@lunny @fuxiaohei
Fix comment permissions (go-gitea#28213)
5513590 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
silverwind pushed a commit to silverwind/gitea that referenced this pull request Feb 20, 2024
@lunny @silverwind
Fix comment permissions (go-gitea#28213)
12630a5 
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Feb 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wxiaoguang wxiaoguang wxiaoguang left review comments

@delvh delvh delvh approved these changes

@lafriks lafriks lafriks approved these changes

@KN4CK3R KN4CK3R Awaiting requested review from KN4CK3R

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.20 This PR should be backported to Gitea 1.20 backport/v1.21 This PR should be backported to Gitea 1.21 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.22.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lunny @delvh @lafriks @GiteaBot @wxiaoguang