13
3
Fork 0
Wiki Issues 89 resources competences Projects 8 Code Pull Requests Releases Activity
Browse Source

Nuke the incorrect permission report on /api/v1/notifications (#19761) 

The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix #19759

Signed-off-by: Andrew Thornton <art27@cantab.net>
pull/18744/merge
zeripath 3 years ago committed by GitHub
parent
fd7d83ace6
commit
a9af93cb21
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      modules/convert/notification.go

5
modules/convert/notification.go
Unescape View File

@ -25,6 +25,11 @@ func ToNotificationThread(n *models.Notification) *api.NotificationThread {
// since user only get notifications when he has access to use minimal access mode // since user only get notifications when he has access to use minimal access mode
if n.Repository != nil { if n.Repository != nil {
result.Repository = ToRepo(n.Repository, perm.AccessModeRead) result.Repository = ToRepo(n.Repository, perm.AccessModeRead)
// This permission is not correct and we should not be reporting it
for repository := result.Repository; repository != nil; repository = repository.Parent {
repository.Permissions = nil
}
} }
// handle Subject // handle Subject

Write Preview
Loading…
Cancel
Save