aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorDavid Svantesson <davidsvantesson@gmail.com>2019-09-27 04:24:06 +0200
committerLunny Xiao <xiaolunwen@gmail.com>2019-09-27 10:24:06 +0800
commitc6fb7fe27c16c4e43d4d8dbe4d2ff4b3c4c52a29 (patch)
tree4b3b60484f8fe20cf1c4531bef2f5803f51fea89 /routers
parenteb11ca68470e4ab60ed4ec31f4d170a4b36a528e (diff)
downloadgitea-c6fb7fe27c16c4e43d4d8dbe4d2ff4b3c4c52a29.tar.gz
gitea-c6fb7fe27c16c4e43d4d8dbe4d2ff4b3c4c52a29.zip
Fix API for edit and delete release attachment (#8285)
* Add logging for when user requested attachment doesn't belong to the specified release. * Fix API to use correct variable for release asset (attachment)
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/repo/release_attachment.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/routers/api/v1/repo/release_attachment.go b/routers/api/v1/repo/release_attachment.go
index 67802fd9e7..c49e4d3e34 100644
--- a/routers/api/v1/repo/release_attachment.go
+++ b/routers/api/v1/repo/release_attachment.go
@@ -9,6 +9,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/upload"
@@ -55,6 +56,7 @@ func GetReleaseAttachment(ctx *context.APIContext) {
return
}
if attach.ReleaseID != releaseID {
+ log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound()
return
}
@@ -242,13 +244,14 @@ func EditReleaseAttachment(ctx *context.APIContext, form api.EditAttachmentOptio
// Check if release exists an load release
releaseID := ctx.ParamsInt64(":id")
- attachID := ctx.ParamsInt64(":attachment")
+ attachID := ctx.ParamsInt64(":asset")
attach, err := models.GetAttachmentByID(attachID)
if err != nil {
ctx.Error(500, "GetAttachmentByID", err)
return
}
if attach.ReleaseID != releaseID {
+ log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound()
return
}
@@ -299,13 +302,14 @@ func DeleteReleaseAttachment(ctx *context.APIContext) {
// Check if release exists an load release
releaseID := ctx.ParamsInt64(":id")
- attachID := ctx.ParamsInt64(":attachment")
+ attachID := ctx.ParamsInt64(":asset")
attach, err := models.GetAttachmentByID(attachID)
if err != nil {
ctx.Error(500, "GetAttachmentByID", err)
return
}
if attach.ReleaseID != releaseID {
+ log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound()
return
}