forgejo/tests
forgejo-backport-action c2158b2a1f
Some checks failed
/ release (push) Has been cancelled
testing / backend-checks (push) Has been cancelled
testing / frontend-checks (push) Has been cancelled
testing / test-unit (push) Has been cancelled
testing / test-e2e (push) Has been cancelled
testing / test-remote-cacher (redis) (push) Has been cancelled
testing / test-remote-cacher (valkey) (push) Has been cancelled
testing / test-remote-cacher (garnet) (push) Has been cancelled
testing / test-remote-cacher (redict) (push) Has been cancelled
testing / test-mysql (push) Has been cancelled
testing / test-pgsql (push) Has been cancelled
testing / test-sqlite (push) Has been cancelled
testing / security-check (push) Has been cancelled
[v10.0/forgejo] fix: consider public issues for project boards (#7144)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7143

- The security patch of forgejo/forgejo#6843 fixed the issue where project boards loaded all issues without considering if the doer actually had permission to view that issue. Within that patch the call to `Issues` was modified to include this permission checking.
- The query being generated was not entirely correct. Issues in public repositories weren't considered correctly (partly the fault of not setting `AllPublic` unconditionally) in the cause an authenticated user loaded the project.
- This is now fixed by setting `AllPublic` unconditionally and subsequently fixing the `Issue` function to ensure that the combination of setting `AllPublic` and `User` generates the correct query, by combining the permission check and issues in public repositories as one `AND` query.
- Added unit testing.
- Added integration testing.
- Resolves Codeberg/Community#1809
- Regression of https://codeberg.org/forgejo/forgejo/pulls/6843

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7144
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-03-07 00:51:07 +00:00
..
e2e [v10.0/forgejo] fix(ui): hide extra PR property labels on title edit (#6905) 2025-02-12 09:05:43 +00:00
fuzz Rework markup link rendering (#26745) 2024-01-15 08:49:24 +00:00
gitea-lfs-meta Test views of LFS files (#22196) 2022-12-23 07:41:56 +08:00
gitea-repositories-meta [v10.0/forgejo] chore: remove illegal git usage (#6492) 2025-01-07 19:01:32 +00:00
integration [v10.0/forgejo] fix: consider public issues for project boards (#7144) 2025-03-07 00:51:07 +00:00
testdata/data Add artifacts test fixture (#30300) 2024-11-05 09:33:15 +01:00
mysql.ini.tmpl chore: improve slow tests 2024-11-14 12:41:11 +01:00
pgsql.ini.tmpl chore: improve slow tests 2024-11-14 12:41:11 +01:00
sqlite.ini.tmpl test: use memory for integration and journal for migration 2024-11-14 15:38:06 +01:00
test_utils.go chore: fix e2e 2024-11-15 14:02:16 +01:00