diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2020-01-20 20:00:32 +0800 |
|---|---|---|
| committer | Antoine GIRARD <sapk@users.noreply.github.com> | 2020-01-20 13:00:32 +0100 |
| commit | 6d6f1d568ec36786b1020f4b43cbd872228c6633 (patch) | |
| tree | 8aa01b789a6737644eeb1512887355357b1ed0a0 /routers/api/v1/repo/issue_reaction.go | |
| parent | 81cfe243f9cb90b0a75de7a03bb2d264c97f0036 (diff) | |
| download | gitea-6d6f1d568ec36786b1020f4b43cbd872228c6633.tar.gz gitea-6d6f1d568ec36786b1020f4b43cbd872228c6633.zip | |
Fix wrong permissions check when issues/prs shared operations (#9885)
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'routers/api/v1/repo/issue_reaction.go')
| -rw-r--r-- | routers/api/v1/repo/issue_reaction.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/routers/api/v1/repo/issue_reaction.go b/routers/api/v1/repo/issue_reaction.go index 40632dcab7..9c1322b3fe 100644 --- a/routers/api/v1/repo/issue_reaction.go +++ b/routers/api/v1/repo/issue_reaction.go @@ -179,7 +179,7 @@ func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOp ctx.Error(http.StatusInternalServerError, "comment.LoadIssue() failed", err) } - if comment.Issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) { + if comment.Issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull) { ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction")) return } @@ -380,7 +380,7 @@ func changeIssueReaction(ctx *context.APIContext, form api.EditReactionOption, i return } - if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) { + if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction")) return } |