authorharryzcy <harry@harryzheng.com>2023-04-21 11:39:03 -0400
committerGitHub <noreply@github.com>2023-04-21 11:39:03 -0400
commitcb19772d6a2a86d556f350d42758a9d64db1b402 (patch)
tree0b374fc7c9e0055c82cd7adb3a924c57ff3746ac /routers/api
parent949ba4894b1237490d872277fc48d2a1fdc26562 (diff)
downloadgitea-cb19772d6a2a86d556f350d42758a9d64db1b402.tar.gz
gitea-cb19772d6a2a86d556f350d42758a9d64db1b402.zip
Fix access token issue on some public endpoints (#24194)
- [x] Identify endpoints that should be public - [x] Update integration tests Fix #24159
Diffstat (limited to 'routers/api')
-rw-r--r--routers/api/v1/api.go12
1 files changed, 6 insertions, 6 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 774eb948ac..48311b3eee 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1200,12 +1200,12 @@ func Routes(ctx gocontext.Context) *web.Route {
m.Get("/{org}/permissions", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetUserOrgsPermissions)
}, context_service.UserAssignmentAPI())
m.Post("/orgs", reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateOrgOption{}), org.Create)
- m.Get("/orgs", reqToken(auth_model.AccessTokenScopeReadOrg), org.GetAll)
+ m.Get("/orgs", org.GetAll)
m.Group("/orgs/{org}", func() {
- m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.Get).
+ m.Combo("").Get(org.Get).
Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditOrgOption{}), org.Edit).
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.Delete)
- m.Combo("/repos").Get(reqToken(auth_model.AccessTokenScopeReadOrg), user.ListOrgRepos).
+ m.Combo("/repos").Get(user.ListOrgRepos).
Post(reqToken(auth_model.AccessTokenScopeWriteOrg), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
m.Group("/members", func() {
m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListMembers)
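Review bot: Nothing on the new route lines `m.Get("/orgs", org.GetAll)`, `m.Combo("").Get(org.Get)` and `m.Combo("/repos").Get(user.ListOrgRepos)` gates an unauthenticated caller any more, so hiding private or limited-visibility organizations and their repositories now rests entirely on the handlers or on group middleware that this hunk does not show. The same holds for `org.ListPublicMembers` and `org.IsPublicMember` in the next hunk and `org.ListLabels` in the last one. Removing `reqToken` also removes the `AccessTokenScopeReadOrg` scope check, so a token issued without that scope can presumably read these routes as well; confirm that is intended. I would record the assumption next to each route, e.g. `// public: no token required; org visibility is enforced in the handler`, and make sure the integration tests include an anonymous request against a non-public org that expects a not-found or forbidden response. The body of `Routes` starts and ends outside this hunk.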
@@ -1213,8 +1213,8 @@ func Routes(ctx gocontext.Context) *web.Route {
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), org.DeleteMember)
})
m.Group("/public_members", func() {
- m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListPublicMembers)
- m.Combo("/{username}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.IsPublicMember).
+ m.Get("", org.ListPublicMembers)
+ m.Combo("/{username}").Get(org.IsPublicMember).
Put(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.PublicizeMember).
Delete(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgMembership(), org.ConcealMember)
})
@@ -1224,7 +1224,7 @@ func Routes(ctx gocontext.Context) *web.Route {
m.Get("/search", reqToken(auth_model.AccessTokenScopeReadOrg), org.SearchTeam)
}, reqOrgMembership())
m.Group("/labels", func() {
- m.Get("", reqToken(auth_model.AccessTokenScopeReadOrg), org.ListLabels)
+ m.Get("", org.ListLabels)
m.Post("", reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.CreateLabelOption{}), org.CreateLabel)
m.Combo("/{id}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetLabel).
Patch(reqToken(auth_model.AccessTokenScopeWriteOrg), reqOrgOwnership(), bind(api.EditLabelOption{}), org.EditLabel).
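Review bot: The label routes are now inconsistent: the list is public via `m.Get("", org.ListLabels)`, but the single-label read two lines below is still `m.Combo("/{id}").Get(reqToken(auth_model.AccessTokenScopeReadOrg), org.GetLabel)`. An anonymous caller can therefore enumerate every label of an org, ids included, yet gets rejected when fetching one of them, which protects nothing and only makes the API surprising. If the split is deliberate, say so in a comment above the `Combo`; otherwise align it with the list route as `m.Combo("/{id}").Get(org.GetLabel).` and rely on the same org-visibility check that the list route depends on. The `Combo` chain continues past the end of this hunk.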