TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 16:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Only view milestones from current repo (#18414) (#18417)

Browse Source 
Backport #18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath
2022-01-26 22:09:07 +00:00
committed by GitHub
parent 0b331e2213
commit cada7202aa
3 changed files with 3 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
models/issue_milestone.go
View File

@@ -134,22 +134,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
return &mile, nil return &mile, nil
} }
// GetMilestoneByID returns the milestone via id .
func GetMilestoneByID(id int64) (*Milestone, error) {
return getMilestoneByID(db.GetEngine(db.DefaultContext), id)
}
func getMilestoneByID(e db.Engine, id int64) (*Milestone, error) {
var m Milestone
has, err := e.ID(id).Get(&m)
if err != nil {
return nil, err
} else if !has {
return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
}
return &m, nil
}
// UpdateMilestone updates information of given milestone. // UpdateMilestone updates information of given milestone.
func UpdateMilestone(m *Milestone, oldIsClosed bool) error { func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
ctx, committer, err := db.TxContext() ctx, committer, err := db.TxContext()

4
routers/web/repo/issue.go
View File

@@ -802,7 +802,7 @@ func NewIssue(ctx *context.Context) {
milestoneID := ctx.FormInt64("milestone") milestoneID := ctx.FormInt64("milestone")
if milestoneID > 0 { if milestoneID > 0 {
milestone, err := models.GetMilestoneByID(milestoneID) milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil { if err != nil {
log.Error("GetMilestoneByID: %d: %v", milestoneID, err) log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
} else { } else {
@@ -889,7 +889,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
// Check milestone. // Check milestone.
milestoneID := form.MilestoneID milestoneID := form.MilestoneID
if milestoneID > 0 { if milestoneID > 0 {
milestone, err := models.GetMilestoneByID(milestoneID) milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil { if err != nil {
ctx.ServerError("GetMilestoneByID", err) ctx.ServerError("GetMilestoneByID", err)
return nil, nil, 0, 0 return nil, nil, 0, 0

2
routers/web/repo/milestone.go
View File

@@ -264,7 +264,7 @@ func DeleteMilestone(ctx *context.Context) {
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone // MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
func MilestoneIssuesAndPulls(ctx *context.Context) { func MilestoneIssuesAndPulls(ctx *context.Context) {
milestoneID := ctx.ParamsInt64(":id") milestoneID := ctx.ParamsInt64(":id")
milestone, err := models.GetMilestoneByID(milestoneID) milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil { if err != nil {
if models.IsErrMilestoneNotExist(err) { if models.IsErrMilestoneNotExist(err) {
ctx.NotFound("GetMilestoneByID", err) ctx.NotFound("GetMilestoneByID", err)