diff options
author | Jonas Franz <info@jonasfranz.software> | 2018-06-19 17:15:11 +0200 |
---|---|---|
committer | Lunny Xiao <xiaolunwen@gmail.com> | 2018-06-19 23:15:11 +0800 |
commit | 467ff4d34302f6ecab959d61bf3944a2bdf125d0 (patch) | |
tree | 7053fc5f65d97ff084265a67b0c056a3d275246f /routers | |
parent | 3f2f5752cb7829c8f49bdb0f03704230493347ac (diff) | |
download | gitea-467ff4d34302f6ecab959d61bf3944a2bdf125d0.tar.gz gitea-467ff4d34302f6ecab959d61bf3944a2bdf125d0.zip |
Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance
Fix missing permission check
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix comment
* Add Gitea copyright line
Diffstat (limited to 'routers')
-rw-r--r-- | routers/api/v1/repo/issue.go | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go index 211d8045a4..7be39166d2 100644 --- a/routers/api/v1/repo/issue.go +++ b/routers/api/v1/repo/issue.go @@ -1,4 +1,5 @@ // Copyright 2016 The Gogs Authors. All rights reserved. +// Copyright 2018 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. @@ -165,7 +166,7 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) { // "$ref": "#/responses/Issue" var deadlineUnix util.TimeStamp - if form.Deadline != nil { + if form.Deadline != nil && ctx.Repo.IsWriter() { deadlineUnix = util.TimeStamp(form.Deadline.Unix()) } @@ -178,15 +179,22 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) { DeadlineUnix: deadlineUnix, } - // Get all assignee IDs - assigneeIDs, err := models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees) - if err != nil { - if models.IsErrUserNotExist(err) { - ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err)) - } else { - ctx.Error(500, "AddAssigneeByName", err) + var assigneeIDs = make([]int64, 0) + var err error + if ctx.Repo.IsWriter() { + issue.MilestoneID = form.Milestone + assigneeIDs, err = models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees) + if err != nil { + if models.IsErrUserNotExist(err) { + ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err)) + } else { + ctx.Error(500, "AddAssigneeByName", err) + } + return } - return + } else { + // setting labels is not allowed if user is not a writer + form.Labels = make([]int64, 0) } if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil { |