aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzeripath2022-01-26 22:09:35 +0000
committerGitHub2022-01-26 22:09:35 +0000
commit9d9ad1b59fe062e4e87248a7333dc6414260815c (patch)
tree34de5f72e166ec11f353fb550abf85b49eb7d992
parentdf57524c49d45efa258d3533ecb1582387cde312 (diff)
Only view milestones from current repo (#18414) (#18418)
Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
-rw-r--r--models/issue_milestone.go16
-rw-r--r--routers/web/repo/issue.go31
-rw-r--r--routers/web/repo/milestone.go2
3 files changed, 15 insertions, 34 deletions
diff --git a/models/issue_milestone.go b/models/issue_milestone.go
index 5e934cde0..81fa2baba 100644
--- a/models/issue_milestone.go
+++ b/models/issue_milestone.go
@@ -127,22 +127,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
return &mile, nil
}
-// GetMilestoneByID returns the milestone via id .
-func GetMilestoneByID(id int64) (*Milestone, error) {
- return getMilestoneByID(x, id)
-}
-
-func getMilestoneByID(e Engine, id int64) (*Milestone, error) {
- var m Milestone
- has, err := e.ID(id).Get(&m)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
- }
- return &m, nil
-}
-
// UpdateMilestone updates information of given milestone.
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
sess := x.NewSession()
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 30cfc23ee..4c55dc748 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -51,17 +51,15 @@ const (
issueTemplateTitleKey = "IssueTemplateTitle"
)
-var (
- // IssueTemplateCandidates issue templates
- IssueTemplateCandidates = []string{
- "ISSUE_TEMPLATE.md",
- "issue_template.md",
- ".gitea/ISSUE_TEMPLATE.md",
- ".gitea/issue_template.md",
- ".github/ISSUE_TEMPLATE.md",
- ".github/issue_template.md",
- }
-)
+// IssueTemplateCandidates issue templates
+var IssueTemplateCandidates = []string{
+ "ISSUE_TEMPLATE.md",
+ "issue_template.md",
+ ".gitea/ISSUE_TEMPLATE.md",
+ ".gitea/issue_template.md",
+ ".github/ISSUE_TEMPLATE.md",
+ ".github/issue_template.md",
+}
// MustAllowUserComment checks to make sure if an issue is locked.
// If locked and user has permissions to write to the repository,
@@ -239,7 +237,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption uti
}
}
- var issueList = models.IssueList(issues)
+ issueList := models.IssueList(issues)
approvalCounts, err := issueList.GetApprovalCounts()
if err != nil {
ctx.ServerError("ApprovalCounts", err)
@@ -422,7 +420,6 @@ func RetrieveRepoMilestonesAndAssignees(ctx *context.Context, repo *models.Repos
}
func retrieveProjects(ctx *context.Context, repo *models.Repository) {
-
var err error
ctx.Data["OpenProjects"], _, err = models.GetProjects(models.ProjectSearchOptions{
@@ -781,7 +778,7 @@ func NewIssue(ctx *context.Context) {
milestoneID := ctx.QueryInt64("milestone")
if milestoneID > 0 {
- milestone, err := models.GetMilestoneByID(milestoneID)
+ milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil {
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
} else {
@@ -865,7 +862,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
// Check milestone.
milestoneID := form.MilestoneID
if milestoneID > 0 {
- ctx.Data["Milestone"], err = repo.GetMilestoneByID(milestoneID)
+ ctx.Data["Milestone"], err = models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil {
ctx.ServerError("GetMilestoneByID", err)
return nil, nil, 0, 0
@@ -2446,7 +2443,7 @@ func filterXRefComments(ctx *context.Context, issue *models.Issue) error {
// GetIssueAttachments returns attachments for the issue
func GetIssueAttachments(ctx *context.Context) {
issue := GetActionIssue(ctx)
- var attachments = make([]*api.Attachment, len(issue.Attachments))
+ attachments := make([]*api.Attachment, len(issue.Attachments))
for i := 0; i < len(issue.Attachments); i++ {
attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
}
@@ -2460,7 +2457,7 @@ func GetCommentAttachments(ctx *context.Context) {
ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
return
}
- var attachments = make([]*api.Attachment, 0)
+ attachments := make([]*api.Attachment, 0)
if comment.Type == models.CommentTypeComment {
if err := comment.LoadAttachments(); err != nil {
ctx.ServerError("LoadAttachments", err)
diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go
index 129f1a559..bf6027a93 100644
--- a/routers/web/repo/milestone.go
+++ b/routers/web/repo/milestone.go
@@ -268,7 +268,7 @@ func DeleteMilestone(ctx *context.Context) {
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
func MilestoneIssuesAndPulls(ctx *context.Context) {
milestoneID := ctx.ParamsInt64(":id")
- milestone, err := models.GetMilestoneByID(milestoneID)
+ milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
if err != nil {
if models.IsErrMilestoneNotExist(err) {
ctx.NotFound("GetMilestoneByID", err)