diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-06-01 01:06:17 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-31 19:06:17 +0200 |
commit | 5d23c885eda54917078182b6f01441b15a517c1e (patch) | |
tree | d543071ada7879ee57491ef541b90d8cef1f7e11 | |
parent | 48bfea6705f43c84dcb800f7bc5ab5922aebd89c (diff) | |
download | gitea-5d23c885eda54917078182b6f01441b15a517c1e.tar.gz gitea-5d23c885eda54917078182b6f01441b15a517c1e.zip |
Fix users cannot visit issue attachment bug (#25019)
Caused by #24362
Co-authored-by: Giteabot <teabot@gitea.io>
-rw-r--r-- | routers/web/repo/attachment.go | 5 | ||||
-rw-r--r-- | tests/integration/attachment_test.go | 3 |
2 files changed, 3 insertions, 5 deletions
diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go index fb95e63ecf..dd24248024 100644 --- a/routers/web/repo/attachment.go +++ b/routers/web/repo/attachment.go @@ -110,11 +110,6 @@ func ServeAttachment(ctx *context.Context, uuid string) { return } } else { // If we have the repository we check access - context.CheckRepoScopedToken(ctx, repository) - if ctx.Written() { - return - } - perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go index a92814ecee..ff62726487 100644 --- a/tests/integration/attachment_test.go +++ b/tests/integration/attachment_test.go @@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) { // Validate that attachment is available req = NewRequest(t, "GET", "/attachments/"+uuid) session.MakeRequest(t, req, http.StatusOK) + + // anonymous visit should be allowed because user2/repo1 is a public repository + MakeRequest(t, req, http.StatusOK) } func TestGetAttachment(t *testing.T) { |