Backport #25019 by @lunny Caused by #24362 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>tags/v1.19.4
@@ -110,11 +110,6 @@ func GetAttachment(ctx *context.Context) { | |||
return | |||
} | |||
} else { // If we have the repository we check access | |||
context.CheckRepoScopedToken(ctx, repository) | |||
if ctx.Written() { | |||
return | |||
} | |||
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) | |||
if err != nil { | |||
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) |
@@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) { | |||
// Validate that attachment is available | |||
req = NewRequest(t, "GET", "/attachments/"+uuid) | |||
session.MakeRequest(t, req, http.StatusOK) | |||
// anonymous visit should be allowed because user2/repo1 is a public repository | |||
MakeRequest(t, req, http.StatusOK) | |||
} | |||
func TestGetAttachment(t *testing.T) { |