Check `IsActionsToken` for LFS authentication (#23841) (#23875)
authorGiteabot <teabot@gitea.io>
Sun, 2 Apr 2023 20:30:33 +0000 (16:30 -0400)
committerGitHub <noreply@github.com>
Sun, 2 Apr 2023 20:30:33 +0000 (21:30 +0100)
Backport #23841 by @Zettat123

Close #23824

Actions cannot fetch LFS objects from private repos because we don't
check if the user is the `ActionUser`.

Co-authored-by: Zettat123 <zettat123@gmail.com>
services/lfs/server.go

index 320c8e728116df952a4898e68f819b7619bab5d4..758f4ebfe0c57f2bf42f7333609c490cc28d215e 100644 (file)
@@ -18,6 +18,7 @@ import (
        "strconv"
        "strings"
 
+       actions_model "code.gitea.io/gitea/models/actions"
        git_model "code.gitea.io/gitea/models/git"
        "code.gitea.io/gitea/models/perm"
        access_model "code.gitea.io/gitea/models/perm/access"
@@ -495,10 +496,27 @@ func authenticate(ctx *context.Context, repository *repo_model.Repository, autho
                accessMode = perm.AccessModeWrite
        }
 
+       if ctx.Data["IsActionsToken"] == true {
+               taskID := ctx.Data["ActionsTaskID"].(int64)
+               task, err := actions_model.GetTaskByID(ctx, taskID)
+               if err != nil {
+                       log.Error("Unable to GetTaskByID for task[%d] Error: %v", taskID, err)
+                       return false
+               }
+               if task.RepoID != repository.ID {
+                       return false
+               }
+
+               if task.IsForkPullRequest {
+                       return accessMode <= perm.AccessModeRead
+               }
+               return accessMode <= perm.AccessModeWrite
+       }
+
        // ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
        perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
        if err != nil {
-               log.Error("Unable to GetUserRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository)
+               log.Error("Unable to GetUserRepoPermission for user %-v in repo %-v Error: %v", ctx.Doer, repository, err)
                return false
        }
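Review bot: The bare type assertion `ctx.Data["ActionsTaskID"].(int64)` on the second added line panics if the key is absent or holds another type, which turns a malformed or inconsistently populated request into a crash inside the authentication path rather than a denied request. The `IsActionsToken` flag and the task ID are presumably set together by the token middleware, but that coupling lives outside this function, so the guard should not depend on it: `taskID, ok := ctx.Data["ActionsTaskID"].(int64)` followed by `if !ok { return false }` keeps the fail-closed behaviour the rest of the branch already has. Consider also logging the `task.RepoID != repository.ID` rejection the way the `GetTaskByID` failure is logged, so a token presented against the wrong repository is visible to operators instead of silently denied. authenticate's body begins before and continues after this hunk.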