123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407 |
- // Copyright 2021 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package repo
-
- import (
- "errors"
- "net/http"
-
- issues_model "code.gitea.io/gitea/models/issues"
- repo_model "code.gitea.io/gitea/models/repo"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/setting"
- api "code.gitea.io/gitea/modules/structs"
- "code.gitea.io/gitea/modules/web"
- "code.gitea.io/gitea/services/attachment"
- "code.gitea.io/gitea/services/context"
- "code.gitea.io/gitea/services/context/upload"
- "code.gitea.io/gitea/services/convert"
- issue_service "code.gitea.io/gitea/services/issue"
- )
-
- // GetIssueCommentAttachment gets a single attachment of the comment
- func GetIssueCommentAttachment(ctx *context.APIContext) {
- // swagger:operation GET /repos/{owner}/{repo}/issues/comments/{id}/assets/{attachment_id} issue issueGetIssueCommentAttachment
- // ---
- // summary: Get a comment attachment
- // produces:
- // - application/json
- // parameters:
- // - name: owner
- // in: path
- // description: owner of the repo
- // type: string
- // required: true
- // - name: repo
- // in: path
- // description: name of the repo
- // type: string
- // required: true
- // - name: id
- // in: path
- // description: id of the comment
- // type: integer
- // format: int64
- // required: true
- // - name: attachment_id
- // in: path
- // description: id of the attachment to get
- // type: integer
- // format: int64
- // required: true
- // responses:
- // "200":
- // "$ref": "#/responses/Attachment"
- // "404":
- // "$ref": "#/responses/error"
-
- comment := getIssueCommentSafe(ctx)
- if comment == nil {
- return
- }
- attachment := getIssueCommentAttachmentSafeRead(ctx, comment)
- if attachment == nil {
- return
- }
- if attachment.CommentID != comment.ID {
- log.Debug("User requested attachment[%d] is not in comment[%d].", attachment.ID, comment.ID)
- ctx.NotFound("attachment not in comment")
- return
- }
-
- ctx.JSON(http.StatusOK, convert.ToAPIAttachment(ctx.Repo.Repository, attachment))
- }
-
- // ListIssueCommentAttachments lists all attachments of the comment
- func ListIssueCommentAttachments(ctx *context.APIContext) {
- // swagger:operation GET /repos/{owner}/{repo}/issues/comments/{id}/assets issue issueListIssueCommentAttachments
- // ---
- // summary: List comment's attachments
- // produces:
- // - application/json
- // parameters:
- // - name: owner
- // in: path
- // description: owner of the repo
- // type: string
- // required: true
- // - name: repo
- // in: path
- // description: name of the repo
- // type: string
- // required: true
- // - name: id
- // in: path
- // description: id of the comment
- // type: integer
- // format: int64
- // required: true
- // responses:
- // "200":
- // "$ref": "#/responses/AttachmentList"
- // "404":
- // "$ref": "#/responses/error"
- comment := getIssueCommentSafe(ctx)
- if comment == nil {
- return
- }
-
- if err := comment.LoadAttachments(ctx); err != nil {
- ctx.Error(http.StatusInternalServerError, "LoadAttachments", err)
- return
- }
-
- ctx.JSON(http.StatusOK, convert.ToAPIAttachments(ctx.Repo.Repository, comment.Attachments))
- }
-
- // CreateIssueCommentAttachment creates an attachment and saves the given file
- func CreateIssueCommentAttachment(ctx *context.APIContext) {
- // swagger:operation POST /repos/{owner}/{repo}/issues/comments/{id}/assets issue issueCreateIssueCommentAttachment
- // ---
- // summary: Create a comment attachment
- // produces:
- // - application/json
- // consumes:
- // - multipart/form-data
- // parameters:
- // - name: owner
- // in: path
- // description: owner of the repo
- // type: string
- // required: true
- // - name: repo
- // in: path
- // description: name of the repo
- // type: string
- // required: true
- // - name: id
- // in: path
- // description: id of the comment
- // type: integer
- // format: int64
- // required: true
- // - name: name
- // in: query
- // description: name of the attachment
- // type: string
- // required: false
- // - name: attachment
- // in: formData
- // description: attachment to upload
- // type: file
- // required: true
- // responses:
- // "201":
- // "$ref": "#/responses/Attachment"
- // "400":
- // "$ref": "#/responses/error"
- // "403":
- // "$ref": "#/responses/forbidden"
- // "404":
- // "$ref": "#/responses/error"
- // "422":
- // "$ref": "#/responses/validationError"
- // "423":
- // "$ref": "#/responses/repoArchivedError"
-
- // Check if comment exists and load comment
- comment := getIssueCommentSafe(ctx)
- if comment == nil {
- return
- }
-
- if !canUserWriteIssueCommentAttachment(ctx, comment) {
- return
- }
-
- // Get uploaded file from request
- file, header, err := ctx.Req.FormFile("attachment")
- if err != nil {
- ctx.Error(http.StatusInternalServerError, "FormFile", err)
- return
- }
- defer file.Close()
-
- filename := header.Filename
- if query := ctx.FormString("name"); query != "" {
- filename = query
- }
-
- attachment, err := attachment.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{
- Name: filename,
- UploaderID: ctx.Doer.ID,
- RepoID: ctx.Repo.Repository.ID,
- IssueID: comment.IssueID,
- CommentID: comment.ID,
- })
- if err != nil {
- if upload.IsErrFileTypeForbidden(err) {
- ctx.Error(http.StatusUnprocessableEntity, "", err)
- } else {
- ctx.Error(http.StatusInternalServerError, "UploadAttachment", err)
- }
- return
- }
-
- if err := comment.LoadAttachments(ctx); err != nil {
- ctx.Error(http.StatusInternalServerError, "LoadAttachments", err)
- return
- }
-
- if err = issue_service.UpdateComment(ctx, comment, ctx.Doer, comment.Content); err != nil {
- if errors.Is(err, user_model.ErrBlockedUser) {
- ctx.Error(http.StatusForbidden, "UpdateComment", err)
- } else {
- ctx.ServerError("UpdateComment", err)
- }
- return
- }
-
- ctx.JSON(http.StatusCreated, convert.ToAPIAttachment(ctx.Repo.Repository, attachment))
- }
-
- // EditIssueCommentAttachment updates the given attachment
- func EditIssueCommentAttachment(ctx *context.APIContext) {
- // swagger:operation PATCH /repos/{owner}/{repo}/issues/comments/{id}/assets/{attachment_id} issue issueEditIssueCommentAttachment
- // ---
- // summary: Edit a comment attachment
- // produces:
- // - application/json
- // consumes:
- // - application/json
- // parameters:
- // - name: owner
- // in: path
- // description: owner of the repo
- // type: string
- // required: true
- // - name: repo
- // in: path
- // description: name of the repo
- // type: string
- // required: true
- // - name: id
- // in: path
- // description: id of the comment
- // type: integer
- // format: int64
- // required: true
- // - name: attachment_id
- // in: path
- // description: id of the attachment to edit
- // type: integer
- // format: int64
- // required: true
- // - name: body
- // in: body
- // schema:
- // "$ref": "#/definitions/EditAttachmentOptions"
- // responses:
- // "201":
- // "$ref": "#/responses/Attachment"
- // "404":
- // "$ref": "#/responses/error"
- // "423":
- // "$ref": "#/responses/repoArchivedError"
- attach := getIssueCommentAttachmentSafeWrite(ctx)
- if attach == nil {
- return
- }
-
- form := web.GetForm(ctx).(*api.EditAttachmentOptions)
- if form.Name != "" {
- attach.Name = form.Name
- }
-
- if err := repo_model.UpdateAttachment(ctx, attach); err != nil {
- ctx.Error(http.StatusInternalServerError, "UpdateAttachment", attach)
- }
- ctx.JSON(http.StatusCreated, convert.ToAPIAttachment(ctx.Repo.Repository, attach))
- }
-
- // DeleteIssueCommentAttachment delete a given attachment
- func DeleteIssueCommentAttachment(ctx *context.APIContext) {
- // swagger:operation DELETE /repos/{owner}/{repo}/issues/comments/{id}/assets/{attachment_id} issue issueDeleteIssueCommentAttachment
- // ---
- // summary: Delete a comment attachment
- // produces:
- // - application/json
- // parameters:
- // - name: owner
- // in: path
- // description: owner of the repo
- // type: string
- // required: true
- // - name: repo
- // in: path
- // description: name of the repo
- // type: string
- // required: true
- // - name: id
- // in: path
- // description: id of the comment
- // type: integer
- // format: int64
- // required: true
- // - name: attachment_id
- // in: path
- // description: id of the attachment to delete
- // type: integer
- // format: int64
- // required: true
- // responses:
- // "204":
- // "$ref": "#/responses/empty"
- // "404":
- // "$ref": "#/responses/error"
- // "423":
- // "$ref": "#/responses/repoArchivedError"
- attach := getIssueCommentAttachmentSafeWrite(ctx)
- if attach == nil {
- return
- }
-
- if err := repo_model.DeleteAttachment(ctx, attach, true); err != nil {
- ctx.Error(http.StatusInternalServerError, "DeleteAttachment", err)
- return
- }
- ctx.Status(http.StatusNoContent)
- }
-
- func getIssueCommentSafe(ctx *context.APIContext) *issues_model.Comment {
- comment, err := issues_model.GetCommentByID(ctx, ctx.ParamsInt64("id"))
- if err != nil {
- ctx.NotFoundOrServerError("GetCommentByID", issues_model.IsErrCommentNotExist, err)
- return nil
- }
- if err := comment.LoadIssue(ctx); err != nil {
- ctx.Error(http.StatusInternalServerError, "comment.LoadIssue", err)
- return nil
- }
- if comment.Issue == nil || comment.Issue.RepoID != ctx.Repo.Repository.ID {
- ctx.Error(http.StatusNotFound, "", "no matching issue comment found")
- return nil
- }
-
- if !ctx.Repo.CanReadIssuesOrPulls(comment.Issue.IsPull) {
- return nil
- }
-
- comment.Issue.Repo = ctx.Repo.Repository
-
- return comment
- }
-
- func getIssueCommentAttachmentSafeWrite(ctx *context.APIContext) *repo_model.Attachment {
- comment := getIssueCommentSafe(ctx)
- if comment == nil {
- return nil
- }
- if !canUserWriteIssueCommentAttachment(ctx, comment) {
- return nil
- }
- return getIssueCommentAttachmentSafeRead(ctx, comment)
- }
-
- func canUserWriteIssueCommentAttachment(ctx *context.APIContext, comment *issues_model.Comment) bool {
- canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)
- if !canEditComment {
- ctx.Error(http.StatusForbidden, "", "user should have permission to edit comment")
- return false
- }
-
- return true
- }
-
- func getIssueCommentAttachmentSafeRead(ctx *context.APIContext, comment *issues_model.Comment) *repo_model.Attachment {
- attachment, err := repo_model.GetAttachmentByID(ctx, ctx.ParamsInt64("attachment_id"))
- if err != nil {
- ctx.NotFoundOrServerError("GetAttachmentByID", repo_model.IsErrAttachmentNotExist, err)
- return nil
- }
- if !attachmentBelongsToRepoOrComment(ctx, attachment, comment) {
- return nil
- }
- return attachment
- }
-
- func attachmentBelongsToRepoOrComment(ctx *context.APIContext, attachment *repo_model.Attachment, comment *issues_model.Comment) bool {
- if attachment.RepoID != ctx.Repo.Repository.ID {
- log.Debug("Requested attachment[%d] does not belong to repo[%-v].", attachment.ID, ctx.Repo.Repository)
- ctx.NotFound("no such attachment in repo")
- return false
- }
- if attachment.IssueID == 0 || attachment.CommentID == 0 {
- log.Debug("Requested attachment[%d] is not in a comment.", attachment.ID)
- ctx.NotFound("no such attachment in comment")
- return false
- }
- if comment != nil && attachment.CommentID != comment.ID {
- log.Debug("Requested attachment[%d] does not belong to comment[%d].", attachment.ID, comment.ID)
- ctx.NotFound("no such attachment in comment")
- return false
- }
- return true
- }
|