diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-11-26 07:43:23 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-25 23:43:23 +0000 |
| commit | bc3d8bff73a5bd307dc825254b51bfedd722f078 (patch) | |
| tree | 3e36c10cc0015ce9339f3520411ec9ff742e1d7c /models/issues/comment.go | |
| parent | 7f81110461903685807f2e863d67fe89db1be060 (diff) | |
| download | gitea-bc3d8bff73a5bd307dc825254b51bfedd722f078.tar.gz gitea-bc3d8bff73a5bd307dc825254b51bfedd722f078.zip | |
Fix comment permissions (#28213) (#28216)
backport #28213
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
Diffstat (limited to 'models/issues/comment.go')
| -rw-r--r-- | models/issues/comment.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/models/issues/comment.go b/models/issues/comment.go index df1a300354..9eaa8a6eba 100644 --- a/models/issues/comment.go +++ b/models/issues/comment.go @@ -1016,6 +1016,7 @@ type FindCommentsOptions struct { Type CommentType IssueIDs []int64 Invalidated util.OptionalBool + IsPull util.OptionalBool } // ToConds implements FindOptions interface @@ -1050,6 +1051,9 @@ func (opts *FindCommentsOptions) ToConds() builder.Cond { if !opts.Invalidated.IsNone() { cond = cond.And(builder.Eq{"comment.invalidated": opts.Invalidated.IsTrue()}) } + if opts.IsPull != util.OptionalBoolNone { + cond = cond.And(builder.Eq{"issue.is_pull": opts.IsPull.IsTrue()}) + } return cond } @@ -1057,7 +1061,7 @@ func (opts *FindCommentsOptions) ToConds() builder.Cond { func FindComments(ctx context.Context, opts *FindCommentsOptions) (CommentList, error) { comments := make([]*Comment, 0, 10) sess := db.GetEngine(ctx).Where(opts.ToConds()) - if opts.RepoID > 0 { + if opts.RepoID > 0 || opts.IsPull != util.OptionalBoolNone { sess.Join("INNER", "issue", "issue.id = comment.issue_id") } |