mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
Browse Source

fix permission check for creating comment while mail (#22524) 

only creating comment on locked issue request write permission,
for others, read permission is enough.

related to https://github.com/go-gitea/gitea/pull/22056

/cc @KN4CK3R

---------

Signed-off-by: a101211279 <1012112796@qq.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
tags/v1.19.0-rc0
a1012112796 1 year ago
parent
95d9fbdcf3
commit
48f5d51908
No account linked to committer's email address
1 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 7
    1
      services/mailer/incoming/incoming_handler.go

+ 7
- 1
services/mailer/incoming/incoming_handler.go View File

@@ -71,11 +71,17 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
return err
}

if !perm.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsLocked && !doer.IsAdmin {
// Locked issues require write permissions
if issue.IsLocked && !perm.CanWriteIssuesOrPulls(issue.IsPull) && !doer.IsAdmin {
log.Debug("can't write issue or pull")
return nil
}

if !perm.CanReadIssuesOrPulls(issue.IsPull) {
log.Debug("can't read issue or pull")
return nil
}

switch r := ref.(type) {
case *issues_model.Issue:
attachmentIDs := make([]string, 0, len(content.Attachments))

Write Preview
Loading…
Cancel
Save