Fix markup preview (#31158) (#31166)

Backport #31158 by @wxiaoguang

Fix #31157

After:

![image](https://github.com/go-gitea/gitea/assets/2114189/4d918cce-cd0d-4601-9c81-4b32df1b0b38)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

diff --git a/routers/web/web.go b/routers/web/web.go
index 194a67bf03da1a8631ad5cd099b326b4c190e6a0..d3a094ca789374a9660664ca1b2401e1bdb11bb2 100644 (file)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1125,6 +1125,9 @@ func registerRoutes(m *web.Route) {
        // user/org home, including rss feeds
        m.Get("/{username}/{reponame}", ignSignIn, context.RepoAssignment, context.RepoRef(), repo.SetEditorconfigIfExists, repo.Home)
 
+       // TODO: maybe it should relax the permission to allow "any access"
+       m.Post("/{username}/{reponame}/markup", ignSignIn, context.RepoAssignment, context.RequireRepoReaderOr(unit.TypeCode, unit.TypeIssues, unit.TypePullRequests, unit.TypeReleases, unit.TypeWiki), web.Bind(structs.MarkupOption{}), misc.Markup)
+
        m.Group("/{username}/{reponame}", func() {
                m.Get("/find/*", repo.FindFiles)
                m.Group("/tree-list", func() {
@@ -1236,8 +1239,6 @@ func registerRoutes(m *web.Route) {
                        m.Post("/reactions/{action}", web.Bind(forms.ReactionForm{}), repo.ChangeCommentReaction)
                }, context.RepoMustNotBeArchived())
 
-               m.Post("/markup", web.Bind(structs.MarkupOption{}), misc.Markup)
-
                m.Group("/labels", func() {
                        m.Post("/new", web.Bind(forms.CreateLabelForm{}), repo.NewLabel)
                        m.Post("/edit", web.Bind(forms.CreateLabelForm{}), repo.UpdateLabel)