summaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorLunny Xiao <xiaolunwen@gmail.com>2023-04-28 04:43:27 +0800
committerGitHub <noreply@github.com>2023-04-27 22:43:27 +0200
commitecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38 (patch)
tree27d744a25a96dd41e1b9e15820a169f7f7358013 /services
parent5141bbd9ba1445a9cbe3103319ae516c178d4e17 (diff)
downloadgitea-ecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38.tar.gz
gitea-ecf1f2d3f619e5e9dfe1e1782c39604d63ae4c38.zip
Fix auth check bug (#24382)
Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324 `getAuthenticatedMeta` has checked them, these code are duplicated one. And the first invokation has a wrong permission check. `DownloadHandle` should require read permission but not write.
Diffstat (limited to 'services')
-rw-r--r--services/lfs/server.go10
1 files changed, 0 insertions, 10 deletions
diff --git a/services/lfs/server.go b/services/lfs/server.go
index 4c69e47512..64e1203394 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -86,11 +86,6 @@ func DownloadHandler(ctx *context.Context) {
return
}
- repository := getAuthenticatedRepository(ctx, rc, true)
- if repository == nil {
- return
- }
-
// Support resume download using Range header
var fromByte, toByte int64
toByte = meta.Size - 1
@@ -365,11 +360,6 @@ func VerifyHandler(ctx *context.Context) {
return
}
- repository := getAuthenticatedRepository(ctx, rc, true)
- if repository == nil {
- return
- }
-
contentStore := lfs_module.NewContentStore()
ok, err := contentStore.Verify(meta.Pointer)