author | harryzcy <harry@harryzheng.com> | 2023-04-21 11:39:03 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-21 11:39:03 -0400 |
commit | cb19772d6a2a86d556f350d42758a9d64db1b402 (patch) | |
tree | 0b374fc7c9e0055c82cd7adb3a924c57ff3746ac /routers/api | |
parent | 949ba4894b1237490d872277fc48d2a1fdc26562 (diff) | |
download | gitea-cb19772d6a2a86d556f350d42758a9d64db1b402.tar.gz gitea-cb19772d6a2a86d556f350d42758a9d64db1b402.zip |
Fix access token issue on some public endpoints (#24194)
- [x] Identify endpoints that should be public
- [x] Update integration tests
Fix #24159
Diffstat (limited to 'routers/api')
-rw-r--r-- | routers/api/v1/api.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 774eb948ac..48311b3eee 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1200,12 +1200,12 @@ func Routes(ctx gocontext.Context) *web.Route {
 m.Get("/{org}/permissions", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetUserOrgsPermissions)
 }, context_service.UserAssignmentAPI())
 m.Post("/orgs", reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateOrgOption{}), org.Create)
- m.Get("/orgs", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetAll)
+ m.Get("/orgs", org.GetAll)
 m.Group("/orgs/{org}", func() {
- m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.Get).
+ m.Combo("").Get(org.Get).
 Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit).
 Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.Delete)
- m.Combo("/repos").Get(reqToken(auth_model.AccessTokenScopeReadOrg), user.ListOrgRepos).
+ m.Combo("/repos").Get(user.ListOrgRepos).
 Post(reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
 m.Group("/members", func() {
 m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListMembers)
@@ -1213,8 +1213,8 @@ func Routes(ctx gocontext.Context) *web.Route {
 Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.DeleteMember)
 })
 m.Group("/public_members", func() {
- m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListPublicMembers)
- m.Combo("/{username}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.IsPublicMember).
+ m.Get("", org.ListPublicMembers)
+ m.Combo("/{username}").Get(org.IsPublicMember).
 Put(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.PublicizeMember).
 Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.ConcealMember)
 })
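Review bot: Removing `reqToken(auth_model.AccessTokenScopeReadOrg)` from the GET routes for `/orgs`, `/orgs/{org}` and `/orgs/{org}/repos` drops the scope check for token-authenticated callers as well as for anonymous ones, so nothing at the routing layer now limits what these handlers return. `org.GetAll`, `org.Get` and `user.ListOrgRepos` are defined outside this hunk; if they filter by the caller's identity, a token issued without the read-org scope would presumably receive its owner's view of private or limited organizations and their repositories, which is worth confirming in the handlers and with a test that sends such a token. The same applies to the `/public_members` routes in the second hunk and to `/labels` in the third. I would at least add a comment above each loosened route such as `// public: no token scope enforced here; the handler must filter by org visibility`. `Routes` starts and ends outside these hunks.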
@@ -1224,7 +1224,7 @@ func Routes(ctx gocontext.Context) *web.Route {
 m.Get("/search", reqToken(auth_model.AccessTokenScopeReadOrg), org.SearchTeam)
 }, reqOrgMembership())
 m.Group("/labels", func() {
- m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListLabels)
+ m.Get("", org.ListLabels)
 m.Post("", reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.CreateLabelOption{}), org.CreateLabel)
 m.Combo("/{id}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetLabel).
 Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditLabelOption{}), org.EditLabel). |
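Review bot: `m.Get("", org.ListLabels)` is now reachable without a token, but the sibling `m.Combo("/{id}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetLabel)` two lines below still demands the read-org scope, so listing an organization's labels is public while fetching a single label by id is not. If that split is intended, a comment on the `/{id}` route should say why; otherwise the two should agree, e.g. `m.Combo("/{id}").Get(org.GetLabel).`. The `/labels` group continues past the end of this hunk, so any further routes in it are not visible here.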