diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-04-28 04:43:27 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-27 22:43:27 +0200 |
commit | ecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38 (patch) | |
tree | 27d744a25a96dd41e1b9e15820a169f7f7358013 /services | |
parent | 5141bbd9ba1445a9cbe3103319ae516c178d4e17 (diff) | |
download | gitea-ecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38.tar.gz gitea-ecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38.zip |
Fix auth check bug (#24382)
Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324
`getAuthenticatedMeta` has checked them, these code are duplicated one.
And the first invokation has a wrong permission check. `DownloadHandle`
should require read permission but not write.
Diffstat (limited to 'services')
-rw-r--r-- | services/lfs/server.go | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/services/lfs/server.go b/services/lfs/server.go index 4c69e47512..64e1203394 100644 --- a/services/lfs/server.go +++ b/services/lfs/server.go @@ -86,11 +86,6 @@ func DownloadHandler(ctx *context.Context) { return } - repository := getAuthenticatedRepository(ctx, rc, true) - if repository == nil { - return - } - // Support resume download using Range header var fromByte, toByte int64 toByte = meta.Size - 1 @@ -365,11 +360,6 @@ func VerifyHandler(ctx *context.Context) { return } - repository := getAuthenticatedRepository(ctx, rc, true) - if repository == nil { - return - } - contentStore := lfs_module.NewContentStore() ok, err := contentStore.Verify(meta.Pointer) |