aboutsummaryrefslogtreecommitdiffstats
path: root/routers/api/v1
diff options
context:
space:
mode:
authoryp05327 <576951401@qq.com>2024-12-11 03:42:52 +0900
committerGitHub <noreply@github.com>2024-12-10 18:42:52 +0000
commit2ac6f2b129fd6d955ac0fdb4dcf46efd5163f3b3 (patch)
tree32371c9f882419451273c653b6b96db2cd9786ca /routers/api/v1
parent8f271c60366ece02f44649de5f8ba57388adb854 (diff)
downloadgitea-2ac6f2b129fd6d955ac0fdb4dcf46efd5163f3b3.tar.gz
gitea-2ac6f2b129fd6d955ac0fdb4dcf46efd5163f3b3.zip
Fix internal server error when updating labels without write permission (#32776)
Fix #32775 if permission denined, `prepareForReplaceOrAdd` will return nothing, and this case is not handled.
Diffstat (limited to 'routers/api/v1')
-rw-r--r--routers/api/v1/repo/issue_label.go10
1 files changed, 5 insertions, 5 deletions
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index 2f5ea8931b..cc517619e9 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -319,6 +319,11 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
return nil, nil, err
}
+ if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
+ ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "write permission is required")
+ return nil, nil, fmt.Errorf("permission denied")
+ }
+
var (
labelIDs []int64
labelNames []string
@@ -350,10 +355,5 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
return nil, nil, err
}
- if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
- ctx.Status(http.StatusForbidden)
- return nil, nil, nil
- }
-
return issue, labels, err
}