summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2023-06-01 01:06:17 +0800
committerGitHub <noreply@github.com>2023-05-31 19:06:17 +0200
commit5d23c885eda54917078182b6f01441b15a517c1e (patch)
treed543071ada7879ee57491ef541b90d8cef1f7e11
parent48bfea6705f43c84dcb800f7bc5ab5922aebd89c (diff)
downloadgitea-5d23c885eda54917078182b6f01441b15a517c1e.tar.gz
gitea-5d23c885eda54917078182b6f01441b15a517c1e.zip
Fix users cannot visit issue attachment bug (#25019)
Caused by #24362 Co-authored-by: Giteabot <teabot@gitea.io>
-rw-r--r--routers/web/repo/attachment.go5
-rw-r--r--tests/integration/attachment_test.go3
2 files changed, 3 insertions, 5 deletions
diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go
index fb95e63ecf..dd24248024 100644
--- a/routers/web/repo/attachment.go
+++ b/routers/web/repo/attachment.go
@@ -110,11 +110,6 @@ func ServeAttachment(ctx *context.Context, uuid string) {
return
}
} else { // If we have the repository we check access
- context.CheckRepoScopedToken(ctx, repository)
- if ctx.Written() {
- return
- }
-
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
if err != nil {
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
index a92814ecee..ff62726487 100644
--- a/tests/integration/attachment_test.go
+++ b/tests/integration/attachment_test.go
@@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) {
// Validate that attachment is available
req = NewRequest(t, "GET", "/attachments/"+uuid)
session.MakeRequest(t, req, http.StatusOK)
+
+ // anonymous visit should be allowed because user2/repo1 is a public repository
+ MakeRequest(t, req, http.StatusOK)
}
func TestGetAttachment(t *testing.T) {