mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-03-09 16:02:06 +01:00
d7e483fd52
Some checks failed
testing / frontend-checks (push) Has been cancelled
/ release (push) Has been cancelled
testing / backend-checks (push) Has been cancelled
testing / test-unit (push) Has been cancelled
testing / test-mysql (push) Has been cancelled
testing / test-pgsql (push) Has been cancelled
testing / test-sqlite (push) Has been cancelled
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7143
- The security patch of forgejo/forgejo#6843 fixed the issue where project boards loaded all issues without considering if the doer actually had permission to view that issue. Within that patch the call to `Issues` was modified to include this permission checking.
- The query being generated was not entirely correct. Issues in public repositories weren't considered correctly (partly the fault of not setting `AllPublic` unconditionally) in the cause an authenticated user loaded the project.
- This is now fixed by setting `AllPublic` unconditionally and subsequently fixing the `Issue` function to ensure that the combination of setting `AllPublic` and `User` generates the correct query, by combining the permission check and issues in public repositories as one `AND` query.
- Added unit testing.
- Added integration testing.
- Resolves Codeberg/Community#1809
- Regression of https://codeberg.org/forgejo/forgejo/pulls/6843
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| assignees.go | ||
| assignees_test.go | ||
| comment.go | ||
| comment_code.go | ||
| comment_list.go | ||
| comment_test.go | ||
| content_history.go | ||
| content_history_test.go | ||
| dependency.go | ||
| dependency_test.go | ||
| issue.go | ||
| issue_index.go | ||
| issue_index_test.go | ||
| issue_label.go | ||
| issue_label_test.go | ||
| issue_list.go | ||
| issue_list_test.go | ||
| issue_lock.go | ||
| issue_project.go | ||
| issue_project_test.go | ||
| issue_search.go | ||
| issue_stats.go | ||
| issue_stats_test.go | ||
| issue_test.go | ||
| issue_update.go | ||
| issue_user.go | ||
| issue_user_test.go | ||
| issue_watch.go | ||
| issue_watch_test.go | ||
| issue_xref.go | ||
| issue_xref_test.go | ||
| label.go | ||
| label_test.go | ||
| main_test.go | ||
| milestone.go | ||
| milestone_list.go | ||
| milestone_test.go | ||
| pull.go | ||
| pull_list.go | ||
| pull_test.go | ||
| reaction.go | ||
| reaction_test.go | ||
| review.go | ||
| review_list.go | ||
| review_test.go | ||
| stopwatch.go | ||
| stopwatch_test.go | ||
| tracked_time.go | ||
| tracked_time_test.go | ||