mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	Fix issue & comment history bugs (#29525)
* Follow #17746: `HasIssueContentHistory` should use expr builder to make sure zero value (0) be respected. * Add "doer" check to make sure `canSoftDeleteContentHistory` only be called by sign-in users.
This commit is contained in:
		| @@ -172,13 +172,9 @@ func FetchIssueContentHistoryList(dbCtx context.Context, issueID, commentID int6 | ||||
|  | ||||
| // HasIssueContentHistory check if a ContentHistory entry exists | ||||
| func HasIssueContentHistory(dbCtx context.Context, issueID, commentID int64) (bool, error) { | ||||
| 	exists, err := db.GetEngine(dbCtx).Cols("id").Exist(&ContentHistory{ | ||||
| 		IssueID:   issueID, | ||||
| 		CommentID: commentID, | ||||
| 	}) | ||||
| 	exists, err := db.GetEngine(dbCtx).Where(builder.Eq{"issue_id": issueID, "comment_id": commentID}).Exist(&ContentHistory{}) | ||||
| 	if err != nil { | ||||
| 		log.Error("can not fetch issue content history. err=%v", err) | ||||
| 		return false, err | ||||
| 		return false, fmt.Errorf("can not check issue content history. err: %w", err) | ||||
| 	} | ||||
| 	return exists, err | ||||
| } | ||||
|   | ||||
| @@ -78,3 +78,22 @@ func TestContentHistory(t *testing.T) { | ||||
| 	assert.EqualValues(t, 7, list2[1].HistoryID) | ||||
| 	assert.EqualValues(t, 4, list2[2].HistoryID) | ||||
| } | ||||
|  | ||||
| func TestHasIssueContentHistoryForCommentOnly(t *testing.T) { | ||||
| 	assert.NoError(t, unittest.PrepareTestDatabase()) | ||||
|  | ||||
| 	_ = db.TruncateBeans(db.DefaultContext, &issues_model.ContentHistory{}) | ||||
|  | ||||
| 	hasHistory1, _ := issues_model.HasIssueContentHistory(db.DefaultContext, 10, 0) | ||||
| 	assert.False(t, hasHistory1) | ||||
| 	hasHistory2, _ := issues_model.HasIssueContentHistory(db.DefaultContext, 10, 100) | ||||
| 	assert.False(t, hasHistory2) | ||||
|  | ||||
| 	_ = issues_model.SaveIssueContentHistory(db.DefaultContext, 1, 10, 100, timeutil.TimeStampNow(), "c-a", true) | ||||
| 	_ = issues_model.SaveIssueContentHistory(db.DefaultContext, 1, 10, 100, timeutil.TimeStampNow().Add(5), "c-b", false) | ||||
|  | ||||
| 	hasHistory1, _ = issues_model.HasIssueContentHistory(db.DefaultContext, 10, 0) | ||||
| 	assert.False(t, hasHistory1) | ||||
| 	hasHistory2, _ = issues_model.HasIssueContentHistory(db.DefaultContext, 10, 100) | ||||
| 	assert.True(t, hasHistory2) | ||||
| } | ||||
|   | ||||
| @@ -94,7 +94,7 @@ func canSoftDeleteContentHistory(ctx *context.Context, issue *issues_model.Issue | ||||
| 	// CanWrite means the doer can manage the issue/PR list | ||||
| 	if ctx.Repo.IsOwner() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) { | ||||
| 		canSoftDelete = true | ||||
| 	} else { | ||||
| 	} else if ctx.Doer != nil { | ||||
| 		// for read-only users, they could still post issues or comments, | ||||
| 		// they should be able to delete the history related to their own issue/comment, a case is: | ||||
| 		// 1. the user posts some sensitive data | ||||
| @@ -186,6 +186,10 @@ func SoftDeleteContentHistory(ctx *context.Context) { | ||||
| 	if ctx.Written() { | ||||
| 		return | ||||
| 	} | ||||
| 	if ctx.Doer == nil { | ||||
| 		ctx.NotFound("Require SignIn", nil) | ||||
| 		return | ||||
| 	} | ||||
|  | ||||
| 	commentID := ctx.FormInt64("comment_id") | ||||
| 	historyID := ctx.FormInt64("history_id") | ||||
|   | ||||
		Reference in New Issue
	
	Block a user