From 3cc860a46fe696065618ed0800021336c1994671 Mon Sep 17 00:00:00 2001 From: Unknown Date: Wed, 26 Mar 2014 07:40:50 -0400 Subject: auth fix --- routers/repo/issue.go | 5 ----- 1 file changed, 5 deletions(-) (limited to 'routers') diff --git a/routers/repo/issue.go b/routers/repo/issue.go index 242593ff29..339d5a4da2 100644 --- a/routers/repo/issue.go +++ b/routers/repo/issue.go @@ -55,11 +55,6 @@ func Issues(ctx *middleware.Context, params martini.Params) { } func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) { - if !ctx.Repo.IsOwner { - ctx.Handle(404, "issue.CreateIssue", nil) - return - } - ctx.Data["Title"] = "Create issue" ctx.Data["IsRepoToolbarIssues"] = true -- cgit v1.2.3 From 409e4cde7a379bbdbe53367b3726f64b80aed0eb Mon Sep 17 00:00:00 2001 From: Unknown Date: Wed, 26 Mar 2014 07:42:08 -0400 Subject: auth fix --- routers/repo/issue.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'routers') diff --git a/routers/repo/issue.go b/routers/repo/issue.go index 339d5a4da2..67d3059f52 100644 --- a/routers/repo/issue.go +++ b/routers/repo/issue.go @@ -117,11 +117,6 @@ func ViewIssue(ctx *middleware.Context, params martini.Params) { } func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) { - if !ctx.Repo.IsOwner { - ctx.Handle(404, "issue.UpdateIssue", nil) - return - } - index, err := base.StrTo(params["index"]).Int() if err != nil { ctx.Handle(404, "issue.UpdateIssue", err) @@ -138,6 +133,11 @@ func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat return } + if ctx.User.Id != issue.PosterId { + ctx.Handle(404, "issue.UpdateIssue", nil) + return + } + issue.Name = form.IssueName issue.MilestoneId = form.MilestoneId issue.AssigneeId = form.AssigneeId -- cgit v1.2.3