Backport #25019 by @lunny Caused by #24362 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>tags/v1.19.4
return | return | ||||
} | } | ||||
} else { // If we have the repository we check access | } else { // If we have the repository we check access | ||||
context.CheckRepoScopedToken(ctx, repository) | |||||
if ctx.Written() { | |||||
return | |||||
} | |||||
perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) | perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer) | ||||
if err != nil { | if err != nil { | ||||
ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) | ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) |
// Validate that attachment is available | // Validate that attachment is available | ||||
req = NewRequest(t, "GET", "/attachments/"+uuid) | req = NewRequest(t, "GET", "/attachments/"+uuid) | ||||
session.MakeRequest(t, req, http.StatusOK) | session.MakeRequest(t, req, http.StatusOK) | ||||
// anonymous visit should be allowed because user2/repo1 is a public repository | |||||
MakeRequest(t, req, http.StatusOK) | |||||
} | } | ||||
func TestGetAttachment(t *testing.T) { | func TestGetAttachment(t *testing.T) { |