author | KN4CK3R <admin@oldschoolhack.me> | 2022-12-09 07:35:56 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-09 14:35:56 +0800 |
commit | 3c59d31bc605bbefc6636e9b0a93e90ad2696ed9 (patch) | |
tree | d26f47a8d0e0ea4cad3f01ea7bbc35668220f81b /services | |
parent | 8fb1e53ca2bea37d9d6b89a47cb13e253355829b (diff) | |
Add API management for issue/pull and comment attachments (#21783)
Close #14601
Fix #3690
Revive of #14601.
Updated to current code, cleanup and added more read/write checks.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andre Bruch <ab@andrebruch.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <git@nroo.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'services')
-rw-r--r-- | services/attachment/attachment.go | 11 | ||||
-rw-r--r-- | services/release/release.go | 11 |
2 files changed, 12 insertions, 10 deletions
diff --git a/services/attachment/attachment.go b/services/attachment/attachment.go
index 522acd00a3..7fdacc6aae 100644
--- a/services/attachment/attachment.go
+++ b/services/attachment/attachment.go
@@ -39,19 +39,14 @@ func NewAttachment(attach *repo_model.Attachment, file io.Reader) (*repo_model.A
 }
 // UploadAttachment upload new attachment into storage and update database
-func UploadAttachment(file io.Reader, actorID, repoID, releaseID int64, fileName, allowedTypes string) (*repo_model.Attachment, error) {
+func UploadAttachment(file io.Reader, allowedTypes string, opts *repo_model.Attachment) (*repo_model.Attachment, error) {
 buf := make([]byte, 1024)
 n, _ := util.ReadAtMost(file, buf)
 buf = buf[:n]
- if err := upload.Verify(buf, fileName, allowedTypes); err != nil {
+ if err := upload.Verify(buf, opts.Name, allowedTypes); err != nil {
 return nil, err
 }
- return NewAttachment(&repo_model.Attachment{
- RepoID: repoID,
- UploaderID: actorID,
- ReleaseID: releaseID,
- Name: fileName,
- }, io.MultiReader(bytes.NewReader(buf), file))
+ return NewAttachment(opts, io.MultiReader(bytes.NewReader(buf), file))
 }
diff --git a/services/release/release.go b/services/release/release.go
index 1d599fcda1..13042cd3ac 100644
--- a/services/release/release.go
+++ b/services/release/release.go
@@ -21,6 +21,7 @@ import (
 "code.gitea.io/gitea/modules/repository"
 "code.gitea.io/gitea/modules/storage"
 "code.gitea.io/gitea/modules/timeutil"
+ "code.gitea.io/gitea/modules/util"
 )
 func createTag(ctx context.Context, gitRepo *git.Repository, rel *repo_model.Release, msg string) (bool, error) {
@@ -218,7 +219,10 @@ func UpdateRelease(doer *user_model.User, gitRepo *git.Repository, rel *repo_mod
 }
 for _, attach := range attachments {
 if attach.ReleaseID != rel.ID {
- return errors.New("delete attachement of release permission denied")
+ return util.SilentWrap{
+ Message: "delete attachment of release permission denied",
+ Err: util.ErrPermissionDenied,
+ }
 }
 deletedUUIDs.Add(attach.UUID)
 }
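Review bot: UploadAttachment now passes the caller's `opts` straight to NewAttachment, where the old code built the record from four explicit fields (RepoID, UploaderID, ReleaseID, Name). Every other field of repo_model.Attachment is therefore whatever the caller left in it, and nothing in this hunk shows whether NewAttachment resets any of them, so a handler that fills `opts` from request data could persist values it never meant to accept. I would either copy only the intended fields into a fresh struct here or state the contract in the doc comment, e.g. `// opts must be built by the caller from already-authorized values; it is stored as given apart from whatever NewAttachment sets.` `opts.Name` is also dereferenced without a nil check, so returning an error for a nil `opts` before the Verify call would turn a possible panic into a normal failure.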
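Review bot: The `attach.ReleaseID != rel.ID` test in this loop is what keeps an attachment bound to a different release from being deleted through this call, and nothing in the code says so; a comment above the `if` such as `// authorization boundary: only attachments already bound to rel may be deleted` would keep it from being refactored away. The same check and `util.SilentWrap` literal are repeated in the update loop of the following hunk (`@@ -240,7 +244,10 @@`), differing only in the verb, so a small helper taking the verb would keep the two in step. Returning `util.ErrPermissionDenied` only helps if callers test for it with `errors.Is` and map it to a 403; those callers are outside this diff, so that is worth confirming. UpdateRelease starts and ends outside the hunk.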
@@ -240,7 +244,10 @@ func UpdateRelease(doer *user_model.User, gitRepo *git.Repository, rel *repo_mod
 }
 for _, attach := range attachments {
 if attach.ReleaseID != rel.ID {
- return errors.New("update attachement of release permission denied")
+ return util.SilentWrap{
+ Message: "update attachment of release permission denied",
+ Err: util.ErrPermissionDenied,
+ }
 }
 }
|