Icycoide/RSCC-Forge
1
0
Fork 0
forked from kevadesu/forgejo
Code Pull requests Activity

Fix comment permissions (#28213) (#28216)

Browse source 
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.
This commit is contained in:
Lunny Xiao 2023-11-26 07:43:23 +08:00 committed by GitHub
parent 7f81110461
commit bc3d8bff73
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
41 changed files with 441 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

4
routers/api/v1/user/app.go
View file

@ -343,6 +343,10 @@ func GetOauth2Application(ctx *context.APIContext) {
}
return
}
if app.UID != ctx.Doer.ID {
ctx.NotFound()
return
}
app.ClientSecret = ""