diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2024-11-22 20:42:58 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-23 12:42:58 +0800 |
| commit | cf1a38b03df9d24641ea861f63feeba35c1285dc (patch) | |
| tree | 15a3e8471d5402690a9edf4ecc3b088c93c4bc01 /routers | |
| parent | 073ba977fc7c2f58aa3c2faebcdadda49e6e2aac (diff) | |
| download | gitea-cf1a38b03df9d24641ea861f63feeba35c1285dc.tar.gz gitea-cf1a38b03df9d24641ea861f63feeba35c1285dc.zip | |
Fix get reviewers' bug (#32415) (#32616)
This PR rewrites `GetReviewer` function and move it to service layer.
Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of
Fix #32394
Backport #32415
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/repo/collaborators.go | 10 | ||||
| -rw-r--r-- | routers/web/repo/issue.go | 7 |
2 files changed, 12 insertions, 5 deletions
diff --git a/routers/api/v1/repo/collaborators.go b/routers/api/v1/repo/collaborators.go index 4ce14f7d01..74be5688ba 100644 --- a/routers/api/v1/repo/collaborators.go +++ b/routers/api/v1/repo/collaborators.go @@ -18,6 +18,8 @@ import ( "code.gitea.io/gitea/routers/api/v1/utils" "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/services/convert" + issue_service "code.gitea.io/gitea/services/issue" + pull_service "code.gitea.io/gitea/services/pull" repo_service "code.gitea.io/gitea/services/repository" ) @@ -323,7 +325,13 @@ func GetReviewers(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - reviewers, err := repo_model.GetReviewers(ctx, ctx.Repo.Repository, ctx.Doer.ID, 0) + canChooseReviewer := issue_service.CanDoerChangeReviewRequests(ctx, ctx.Doer, ctx.Repo.Repository, 0) + if !canChooseReviewer { + ctx.Error(http.StatusForbidden, "GetReviewers", errors.New("doer has no permission to get reviewers")) + return + } + + reviewers, err := pull_service.GetReviewers(ctx, ctx.Repo.Repository, ctx.Doer.ID, 0) if err != nil { ctx.Error(http.StatusInternalServerError, "ListCollaborators", err) return diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index 47333396c7..3fdf594045 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -56,7 +56,6 @@ import ( "code.gitea.io/gitea/services/forms" issue_service "code.gitea.io/gitea/services/issue" pull_service "code.gitea.io/gitea/services/pull" - repo_service "code.gitea.io/gitea/services/repository" user_service "code.gitea.io/gitea/services/user" ) @@ -693,13 +692,13 @@ func RetrieveRepoReviewers(ctx *context.Context, repo *repo_model.Repository, is posterID = 0 } - reviewers, err = repo_model.GetReviewers(ctx, repo, ctx.Doer.ID, posterID) + reviewers, err = pull_service.GetReviewers(ctx, repo, ctx.Doer.ID, posterID) if err != nil { ctx.ServerError("GetReviewers", err) return } - teamReviewers, err = repo_service.GetReviewerTeams(ctx, repo) + teamReviewers, err = pull_service.GetReviewerTeams(ctx, repo) if err != nil { ctx.ServerError("GetReviewerTeams", err) return @@ -1536,7 +1535,7 @@ func ViewIssue(ctx *context.Context) { if issue.IsPull { canChooseReviewer := false if ctx.Doer != nil && ctx.IsSigned { - canChooseReviewer = issue_service.CanDoerChangeReviewRequests(ctx, ctx.Doer, repo, issue) + canChooseReviewer = issue_service.CanDoerChangeReviewRequests(ctx, ctx.Doer, repo, issue.PosterID) } RetrieveRepoReviewers(ctx, repo, issue, canChooseReviewer) |