diff options
| author | Unknown <joe2010xtmf@163.com> | 2014-03-26 07:42:08 -0400 |
|---|---|---|
| committer | Unknown <joe2010xtmf@163.com> | 2014-03-26 07:42:08 -0400 |
| commit | 409e4cde7a379bbdbe53367b3726f64b80aed0eb (patch) | |
| tree | bbcd2f4071b083b525d93dfe99861a41e8ab52e7 /routers | |
| parent | 3cc860a46fe696065618ed0800021336c1994671 (diff) | |
| download | gitea-409e4cde7a379bbdbe53367b3726f64b80aed0eb.tar.gz gitea-409e4cde7a379bbdbe53367b3726f64b80aed0eb.zip | |
auth fix
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/repo/issue.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go index 339d5a4da2..67d3059f52 100644 --- a/routers/repo/issue.go +++ b/routers/repo/issue.go @@ -117,11 +117,6 @@ func ViewIssue(ctx *middleware.Context, params martini.Params) { } func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) { - if !ctx.Repo.IsOwner { - ctx.Handle(404, "issue.UpdateIssue", nil) - return - } - index, err := base.StrTo(params["index"]).Int() if err != nil { ctx.Handle(404, "issue.UpdateIssue", err) @@ -138,6 +133,11 @@ func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat return } + if ctx.User.Id != issue.PosterId { + ctx.Handle(404, "issue.UpdateIssue", nil) + return + } + issue.Name = form.IssueName issue.MilestoneId = form.MilestoneId issue.AssigneeId = form.AssigneeId |