public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-11-03 08:02:36 +09:00
Code Issues Packages Projects Releases Wiki Activity

Nuke the incorrect permission report on /api/v1/notifications (#19761)

Browse Source 
The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix #19759

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath
2022-05-20 17:57:49 +01:00
committed by GitHub
parent fd7d83ace6
commit a9af93cb21
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/convert/notification.go
View File

@@ -25,6 +25,11 @@ func ToNotificationThread(n *models.Notification) *api.NotificationThread {
// since user only get notifications when he has access to use minimal access mode // since user only get notifications when he has access to use minimal access mode
if n.Repository != nil { if n.Repository != nil {
result.Repository = ToRepo(n.Repository, perm.AccessModeRead) result.Repository = ToRepo(n.Repository, perm.AccessModeRead)
// This permission is not correct and we should not be reporting it
for repository := result.Repository; repository != nil; repository = repository.Parent {
repository.Permissions = nil
}
} }
// handle Subject // handle Subject