diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2016-12-17 19:49:17 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-17 19:49:17 +0800 |
commit | 7c46667e7146f9cb05908591c6579f9eea2f4574 (patch) | |
tree | aef2d9e887dff95d3320a5fe8a63f28582398972 | |
parent | 44428fdc38fd0b5418bd2aaeb8ffa653d94a3aee (diff) | |
download | gitea-7c46667e7146f9cb05908591c6579f9eea2f4574.tar.gz gitea-7c46667e7146f9cb05908591c6579f9eea2f4574.zip |
fixed vulnerabilities labels (#409)
-rw-r--r-- | models/issue.go | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/models/issue.go b/models/issue.go index 4937bf1b56..8d8c304666 100644 --- a/models/issue.go +++ b/models/issue.go @@ -87,13 +87,20 @@ func (issue *Issue) AfterSet(colName string, _ xorm.Cell) { } } -func (issue *Issue) loadAttributes(e Engine) (err error) { +func (issue *Issue) loadRepo(e Engine) (err error) { if issue.Repo == nil { issue.Repo, err = getRepositoryByID(e, issue.RepoID) if err != nil { return fmt.Errorf("getRepositoryByID [%d]: %v", issue.RepoID, err) } } + return nil +} + +func (issue *Issue) loadAttributes(e Engine) (err error) { + if err := issue.loadRepo(e); err != nil { + return err + } if issue.Poster == nil { issue.Poster, err = getUserByID(e, issue.PosterID) @@ -322,6 +329,16 @@ func (issue *Issue) removeLabel(e *xorm.Session, label *Label) error { // RemoveLabel removes a label from issue by given ID. func (issue *Issue) RemoveLabel(doer *User, label *Label) error { + if err := issue.loadRepo(x); err != nil { + return err + } + + if has, err := HasAccess(doer, issue.Repo, AccessModeWrite); err != nil { + return err + } else if !has { + return ErrLabelNotExist{} + } + if err := DeleteIssueLabel(issue, label); err != nil { return err } @@ -353,6 +370,16 @@ func (issue *Issue) ClearLabels(doer *User) (err error) { return err } + if err := issue.loadRepo(sess); err != nil { + return err + } + + if has, err := hasAccess(sess, doer, issue.Repo, AccessModeWrite); err != nil { + return err + } else if !has { + return ErrLabelNotExist{} + } + if err = issue.clearLabels(sess); err != nil { return err } |