Browse Source
Fix users cannot visit issue attachment bug (#25019) (#25027)
Backport #25019 by @lunny Caused by #24362 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>tags/v1.19.4
Giteabot
11 months ago
2 changed files with 3 additions and 5 deletions
+ 0
- 5
routers/web/repo/attachment.go
View File
| @@ -110,11 +110,6 @@ func GetAttachment(ctx *context.Context) { | |||
| return | |||
| } | |||
| } else { // If we have the repository we check access | |||
| context.CheckRepoScopedToken(ctx, repository) | |||
| if ctx.Written() { | |||
| return | |||
| } | |||
| perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) | |||
| if err != nil { | |||
| ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) | |||
+ 3
- 0
tests/integration/attachment_test.go
View File
| @@ -89,6 +89,9 @@ func TestCreateIssueAttachment(t *testing.T) { | |||
| // Validate that attachment is available | |||
| req = NewRequest(t, "GET", "/attachments/"+uuid) | |||
| session.MakeRequest(t, req, http.StatusOK) | |||
| // anonymous visit should be allowed because user2/repo1 is a public repository | |||
| MakeRequest(t, req, http.StatusOK) | |||
| } | |||
| func TestGetAttachment(t *testing.T) { | |||
Loading…