forgejo/routers
Antoine GIRARD 8b24073713 Only serve attachments when linked to issue/release and if accessible by user (#9340)
* test: add current attachement responses

* refactor: check if attachement is linked and accessible by user

* chore: clean TODO

* fix: typo attachement -> attachment

* revert un-needed go.sum change

* refactor: move models logic to models

* fix TestCreateIssueAttachment which was wrongly successful

* fix unit tests with unittype added

* fix unit tests with changes

* use a valid uuid format for pgsql int. test

* test: add unit test TestLinkedRepository

* refactor: allow uploader to access unlinked attachement

* add missing blank line

* refactor: move to a separate function repo.GetAttachment

* typo

* test: remove err test return

* refactor: use repo perm for access checking generally + 404 for all reject
2020-01-05 01:20:08 +02:00
..
admin Graceful: Xorm, RepoIndexer, Cron and Others (#9282) 2019-12-15 09:51:28 +00:00
api/v1 [API] dont reqToken on GetReactions (fix #9543) (#9548) 2020-01-02 23:27:31 +02:00
dev
org site admin could view org's members (#9346) 2019-12-14 01:36:59 -05:00
private Add branch protection option to block merge on requested changes. (#9592) 2020-01-03 19:47:09 +02:00
repo Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
routes Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
user Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
utils
home.go Use Req.URL.RequestURI() to cope with FCGI urls (#9473) 2019-12-24 00:11:12 +00:00
init.go Refactor code indexer (#9313) 2019-12-23 20:31:16 +08:00
install.go Graceful: Xorm, RepoIndexer, Cron and Others (#9282) 2019-12-15 09:51:28 +00:00
metrics.go
swagger_json.go