Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add write check for creating Commit status #20332

Merged
merged 2 commits into from
Jul 12, 2022

Conversation

Gusted
Copy link
Contributor

@Gusted Gusted commented Jul 12, 2022

- Add write code checks for creating new commit status
- Regression go-gitea#5314
@Gusted Gusted added issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself backport/v1.17 labels Jul 12, 2022
@Gusted Gusted added this to the 1.18.0 milestone Jul 12, 2022
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jul 12, 2022
Gusted pushed a commit to Gusted/gitea that referenced this pull request Jul 12, 2022
- Backport go-gitea#20332
  - Add write code checks for creating new commit status
  - Regression from go-gitea#5314
  - Resolves go-gitea#20331
Gusted pushed a commit to Gusted/gitea that referenced this pull request Jul 12, 2022
- Backport go-gitea#20332
  - Add write code checks for creating new commit status
  - Regression from go-gitea#5314
  - Resolves go-gitea#20331
@Gusted Gusted added the backport/done All backports for this PR have been created label Jul 12, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 12, 2022
@6543 6543 merged commit 3aec32a into go-gitea:main Jul 12, 2022
6543 pushed a commit that referenced this pull request Jul 12, 2022
- Backport #20332
  - Add write code checks for creating new commit status
  - Regression from #5314
  - Resolves #20331
6543 pushed a commit that referenced this pull request Jul 12, 2022
- Backport #20332
  - Add write code checks for creating new commit status
  - Regression from #5314
  - Resolves #20331
tyroneyeh added a commit to tyroneyeh/gitea that referenced this pull request Jul 13, 2022
commit 713bc6c
Author: 6543 <6543@obermui.de>
Date:   Tue Jul 12 20:26:27 2022 +0200

    Changelog for 1.16.9 (update) (go-gitea#20341)

    * Changelog for 1.16.9 (update)

    * update security section

commit 6b7e860
Author: Lunny Xiao <xiaolunwen@gmail.com>
Date:   Wed Jul 13 01:13:31 2022 +0800

    Hide notify mail setting ui if not enabled (go-gitea#20138) (go-gitea#20337)

    Backport go-gitea#20138

commit 0f89417
Author: Gusted <williamzijl7@hotmail.com>
Date:   Tue Jul 12 12:52:20 2022 +0000

    Add write check for creating Commit status (go-gitea#20332) (go-gitea#20334)

    - Backport go-gitea#20332
      - Add write code checks for creating new commit status
      - Regression from go-gitea#5314
      - Resolves go-gitea#20331

commit 7c80a0b
Author: zeripath <art27@cantab.net>
Date:   Mon Jul 11 10:15:43 2022 +0100

    Ensure that drone tags 1.16.x and 1.16 on push to v1.16.x tag (go-gitea#20304)

    We need pushes to v1.16.9 to create tags to 1.16.9 and 1.16 but not 1 or latest.

    We have previously adjusted the manifest to remove the latest tag, and have removed
    auto_tags so that 1 does not get tagged but in doing so we also stopped 1.16 being
    tagged. So here we just state the that we tag x.yy in addition to x.yyz*.

    Signed-off-by: Andrew Thornton <art27@cantab.net>

commit b42df31
Author: zeripath <art27@cantab.net>
Date:   Wed Jul 6 02:47:16 2022 +0100

    Only show Followers that current user can access (go-gitea#20220) (go-gitea#20253)

    Backport go-gitea#20220

    Users who are following or being followed by a user should only be
    displayed if the viewing user can see them.

    Signed-off-by: Andrew Thornton <art27@cantab.net>

commit 6162fb0
Author: Gusted <williamzijl7@hotmail.com>
Date:   Fri Jul 1 17:39:10 2022 +0200

    Check for permission when fetching user controlled issues (go-gitea#20133) (go-gitea#20196)

    * Check if project has the same repository id with issue when assign project to issue

    * Check if issue's repository id match project's repository id

    * Add more permission checking

    * Remove invalid argument

    * Fix errors

    * Add generic check

    * Remove duplicated check

    * Return error + add check for new issues

    * Apply suggestions from code review

    Co-authored-by: Gusted <williamzijl7@hotmail.com>
    Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
    Co-authored-by: 6543 <6543@obermui.de>
@Gusted Gusted deleted the fix-permission-checking branch July 13, 2022 06:20
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 14, 2022
* giteaofficial/main:
  Fix icon margin in user/settings/repos (go-gitea#20281)
  Fix org label open count, including close count issue (go-gitea#20353)
  [skip ci] Updated translations via Crowdin
  Prevent context deadline error propagation in GetCommitsInfo (go-gitea#20346)
  Add missing return for when topic isn't found (go-gitea#20351)
  Upgrade to Node 18 on CI (go-gitea#20340)
  Fix checks in PR for empty commits go-gitea#19603 (go-gitea#20290)
  Use default values when provided values are empty (go-gitea#20318)
  Add tests for the host checking logic, clarify the behaviors (go-gitea#20328)
  Changelog for 1.16.9 (update) (go-gitea#20341) (go-gitea#20343)
  Fix various typos (go-gitea#20338)
  Correctly handle draft releases without a tag (go-gitea#20314)
  Add write check for creating Commit status (go-gitea#20332)
  Remove blue text on migrate page (go-gitea#20273)
  Updated dead link to Madeleine.js source (go-gitea#20322)
vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 10, 2022
- Add write code checks for creating new commit status
- Regression go-gitea#5314

Co-authored-by: zeripath <art27@cantab.net>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created issue/regression Issue needs no code to be fixed, only a description on how to fix it yourself lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

New commit status API doesn't check permissions properly
5 participants