]> source.dussan.org Git - gitea.git/commitdiff
projects / gitea.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02efd99)
Allow users with write permissions for issues to add attachments with API (#26837)
authorZettat123 <zettat123@gmail.com>
Fri, 1 Sep 2023 15:35:38 +0000 (23:35 +0800)
committerGitHub <noreply@github.com>
Fri, 1 Sep 2023 15:35:38 +0000 (15:35 +0000)
Fixes #24944

Since a user with write permissions for issues can add attachments to an
issue via the the web interface, the user should also be able to add
attachments via the API

routers/api/v1/repo/issue_attachment.go patch | blob | history

diff --git a/routers/api/v1/repo/issue_attachment.go b/routers/api/v1/repo/issue_attachment.go
index ad83c206d9c6039f472f6497547425ed27561b7e..c689e70a085b901fafa38ef515c0f9f6875ed49e 100644 (file)
--- a/routers/api/v1/repo/issue_attachment.go
+++ b/routers/api/v1/repo/issue_attachment.go
@@ -344,7 +344,7 @@ func getIssueAttachmentSafeRead(ctx *context.APIContext, issue *issues_model.Iss
 }
 
 func canUserWriteIssueAttachment(ctx *context.APIContext, issue *issues_model.Issue) bool {
-       canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
+       canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull))
        if !canEditIssue {
                ctx.Error(http.StatusForbidden, "", "user should have permission to write issue")
                return false
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea