diff options
| author | zeripath <art27@cantab.net> | 2022-01-26 20:01:35 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-26 20:01:35 +0000 |
| commit | 9a75c2741d2806f5bb12d21b5a9d7387b2d44073 (patch) | |
| tree | dddcce80b8095fa24edf683a6e61a58b0fb56835 | |
| parent | 3bb028cc46401a8a54ecab7e7c035dbb24937b6c (diff) | |
| download | gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.tar.gz gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.zip | |
Only view milestones from current repo (#18414)
The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.
Signed-off-by: Andrew Thornton <art27@cantab.net>
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | models/issue_milestone.go | 16 | ||||
| -rw-r--r-- | routers/web/repo/issue.go | 4 | ||||
| -rw-r--r-- | routers/web/repo/milestone.go | 2 |
4 files changed, 4 insertions, 20 deletions
@@ -97,7 +97,7 @@ require ( github.com/quasoft/websspi v1.0.0 github.com/rs/xid v1.3.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect + github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 github.com/sergi/go-diff v1.2.0 github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546 diff --git a/models/issue_milestone.go b/models/issue_milestone.go index 7f2fd9a1f3..a321718513 100644 --- a/models/issue_milestone.go +++ b/models/issue_milestone.go @@ -134,22 +134,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error) return &mile, nil } -// GetMilestoneByID returns the milestone via id . -func GetMilestoneByID(id int64) (*Milestone, error) { - return getMilestoneByID(db.GetEngine(db.DefaultContext), id) -} - -func getMilestoneByID(e db.Engine, id int64) (*Milestone, error) { - var m Milestone - has, err := e.ID(id).Get(&m) - if err != nil { - return nil, err - } else if !has { - return nil, ErrMilestoneNotExist{ID: id, RepoID: 0} - } - return &m, nil -} - // UpdateMilestone updates information of given milestone. func UpdateMilestone(m *Milestone, oldIsClosed bool) error { ctx, committer, err := db.TxContext() diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index 4f2716763a..c4928054a0 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -799,7 +799,7 @@ func NewIssue(ctx *context.Context) { milestoneID := ctx.FormInt64("milestone") if milestoneID > 0 { - milestone, err := models.GetMilestoneByID(milestoneID) + milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { log.Error("GetMilestoneByID: %d: %v", milestoneID, err) } else { @@ -886,7 +886,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull // Check milestone. milestoneID := form.MilestoneID if milestoneID > 0 { - milestone, err := models.GetMilestoneByID(milestoneID) + milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { ctx.ServerError("GetMilestoneByID", err) return nil, nil, 0, 0 diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go index eadc89333f..df5fd411b4 100644 --- a/routers/web/repo/milestone.go +++ b/routers/web/repo/milestone.go @@ -264,7 +264,7 @@ func DeleteMilestone(ctx *context.Context) { // MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone func MilestoneIssuesAndPulls(ctx *context.Context) { milestoneID := ctx.ParamsInt64(":id") - milestone, err := models.GetMilestoneByID(milestoneID) + milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID) if err != nil { if models.IsErrMilestoneNotExist(err) { ctx.NotFound("GetMilestoneByID", err) |