auth fix

diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 339d5a4da24c9608583aac0990c4eb38765b000e..67d3059f5231dbcbaf2661f1d81d1dc098e098e9 100644 (file)
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -117,11 +117,6 @@ func ViewIssue(ctx *middleware.Context, params martini.Params) {
 }
 
 func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) {
-       if !ctx.Repo.IsOwner {
-               ctx.Handle(404, "issue.UpdateIssue", nil)
-               return
-       }
-
        index, err := base.StrTo(params["index"]).Int()
        if err != nil {
                ctx.Handle(404, "issue.UpdateIssue", err)
@@ -138,6 +133,11 @@ func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
                return
        }
 
+       if ctx.User.Id != issue.PosterId {
+               ctx.Handle(404, "issue.UpdateIssue", nil)
+               return
+       }
+
        issue.Name = form.IssueName
        issue.MilestoneId = form.MilestoneId
        issue.AssigneeId = form.AssigneeId