diff options
| author | zeripath <art27@cantab.net> | 2022-05-20 17:57:49 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-20 18:57:49 +0200 |
| commit | a9af93cb216e9b5f4d1841d18593589143fbdc9c (patch) | |
| tree | d212e3951b723f8759aca156c0cb73b249c3e588 /modules/convert | |
| parent | fd7d83ace60258acf7139c4c787aa8af75b7ba8c (diff) | |
| download | gitea-a9af93cb216e9b5f4d1841d18593589143fbdc9c.tar.gz gitea-a9af93cb216e9b5f4d1841d18593589143fbdc9c.zip | |
Nuke the incorrect permission report on /api/v1/notifications (#19761)
The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.
I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.
Fix #19759
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/convert')
| -rw-r--r-- | modules/convert/notification.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/convert/notification.go b/modules/convert/notification.go index f304eadf69..1efba5745c 100644 --- a/modules/convert/notification.go +++ b/modules/convert/notification.go @@ -25,6 +25,11 @@ func ToNotificationThread(n *models.Notification) *api.NotificationThread { // since user only get notifications when he has access to use minimal access mode if n.Repository != nil { result.Repository = ToRepo(n.Repository, perm.AccessModeRead) + + // This permission is not correct and we should not be reporting it + for repository := result.Repository; repository != nil; repository = repository.Parent { + repository.Permissions = nil + } } // handle Subject |