summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorJonas Franz <info@jonasfranz.software>2018-06-19 17:15:11 +0200
committerLunny Xiao <xiaolunwen@gmail.com>2018-06-19 23:15:11 +0800
commit467ff4d34302f6ecab959d61bf3944a2bdf125d0 (patch)
tree7053fc5f65d97ff084265a67b0c056a3d275246f /routers
parent3f2f5752cb7829c8f49bdb0f03704230493347ac (diff)
downloadgitea-467ff4d34302f6ecab959d61bf3944a2bdf125d0.tar.gz
gitea-467ff4d34302f6ecab959d61bf3944a2bdf125d0.zip
Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance Fix missing permission check Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix comment * Add Gitea copyright line
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/repo/issue.go26
1 files changed, 17 insertions, 9 deletions
diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index 211d8045a4..7be39166d2 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -1,4 +1,5 @@
// Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
@@ -165,7 +166,7 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
// "$ref": "#/responses/Issue"
var deadlineUnix util.TimeStamp
- if form.Deadline != nil {
+ if form.Deadline != nil && ctx.Repo.IsWriter() {
deadlineUnix = util.TimeStamp(form.Deadline.Unix())
}
@@ -178,15 +179,22 @@ func CreateIssue(ctx *context.APIContext, form api.CreateIssueOption) {
DeadlineUnix: deadlineUnix,
}
- // Get all assignee IDs
- assigneeIDs, err := models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees)
- if err != nil {
- if models.IsErrUserNotExist(err) {
- ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err))
- } else {
- ctx.Error(500, "AddAssigneeByName", err)
+ var assigneeIDs = make([]int64, 0)
+ var err error
+ if ctx.Repo.IsWriter() {
+ issue.MilestoneID = form.Milestone
+ assigneeIDs, err = models.MakeIDsFromAPIAssigneesToAdd(form.Assignee, form.Assignees)
+ if err != nil {
+ if models.IsErrUserNotExist(err) {
+ ctx.Error(422, "", fmt.Sprintf("Assignee does not exist: [name: %s]", err))
+ } else {
+ ctx.Error(500, "AddAssigneeByName", err)
+ }
+ return
}
- return
+ } else {
+ // setting labels is not allowed if user is not a writer
+ form.Labels = make([]int64, 0)
}
if err := models.NewIssue(ctx.Repo.Repository, issue, form.Labels, assigneeIDs, nil); err != nil {