Diffstat (limited to 'routers/repo/issue.go')
-rw-r--r--routers/repo/issue.go35
1 files changed, 32 insertions, 3 deletions
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 4ae791221c..b9083e20e9 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -643,9 +643,13 @@ func ViewIssue(ctx *context.Context) {
ctx.Data["RequireTribute"] = true
renderAttachmentSettings(ctx)
- err = issue.LoadAttributes()
- if err != nil {
- ctx.ServerError("GetIssueByIndex", err)
+ if err = issue.LoadAttributes(); err != nil {
+ ctx.ServerError("LoadAttributes", err)
+ return
+ }
+
+ if err = filterXRefComments(ctx, issue); err != nil {
+ ctx.ServerError("filterXRefComments", err)
return
}
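Review bot: The permission filter is wired into `ViewIssue` only, so as far as this hunk shows, any other path that loads and returns `issue.Comments` (API listings, feeds, notifications) would still expose cross-repository references to users who cannot read the source repository. If such paths exist, the check belongs closer to where comments are loaded, or each caller needs the same call. Because the filter has to run before anything later in the handler reads `issue.Comments`, a comment at the call site would help, for example `// Must stay ahead of any use of issue.Comments: drops cross-repo references the viewer may not read.` The rest of `ViewIssue` lies outside the hunk, so the ordering could not be checked here.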
@@ -1572,3 +1576,28 @@ func addParticipant(poster *models.User, participants []*models.User) []*models.
}
return append(participants, poster)
}
+
+func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
+ // Remove comments that the user has no permissions to see
+ for i := 0; i < len(issue.Comments); {
+ c := issue.Comments[i]
+ if models.CommentTypeIsRef(c.Type) && c.RefRepoID != issue.RepoID && c.RefRepoID != 0 {
+ var err error
+ // Set RefRepo for description in template
+ c.RefRepo, err = models.GetRepositoryByID(c.RefRepoID)
+ if err != nil {
+ return err
+ }
+ perm, err := models.GetUserRepoPermission(c.RefRepo, ctx.User)
+ if err != nil {
+ return err
+ }
+ if !perm.CanReadIssuesOrPulls(c.RefIsPull) {
+ issue.Comments = append(issue.Comments[:i], issue.Comments[i+1:]...)
+ continue
+ }
+ }
+ i++
+ }
+ return nil
+}
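Review bot: The condition `c.RefRepoID != issue.RepoID` exempts every same-repository reference from the `perm.CanReadIssuesOrPulls(c.RefIsPull)` check. If read access to issues and to pull requests can differ within one repository, as the `RefIsPull` argument suggests, a viewer with issues-only access would still see references that originate from pull requests. Narrowing the guard to `if models.CommentTypeIsRef(c.Type) && c.RefRepoID != 0 {` would send those through the same check, at the cost of one more lookup per reference. Separately, any error from `models.GetRepositoryByID` is returned and becomes a 500 in the caller, so a reference left behind by a deleted repository would presumably make the whole issue unviewable; removing the comment on a not-found error keeps the fail-closed behaviour without breaking the page. The function also mutates `issue.Comments` in place and has no doc comment; `// filterXRefComments removes, in place, cross-reference comments whose source repository ctx.User cannot read.` would state that contract.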