forgejo/routers/user
Antoine GIRARD 8b24073713 Only serve attachments when linked to issue/release and if accessible by user (#9340)
* test: add current attachement responses

* refactor: check if attachement is linked and accessible by user

* chore: clean TODO

* fix: typo attachement -> attachment

* revert un-needed go.sum change

* refactor: move models logic to models

* fix TestCreateIssueAttachment which was wrongly successful

* fix unit tests with unittype added

* fix unit tests with changes

* use a valid uuid format for pgsql int. test

* test: add unit test TestLinkedRepository

* refactor: allow uploader to access unlinked attachement

* add missing blank line

* refactor: move to a separate function repo.GetAttachment

* typo

* test: remove err test return

* refactor: use repo perm for access checking generally + 404 for all reject
2020-01-05 01:20:08 +02:00
..
setting Add password requirement info on error (#9074) 2019-11-19 22:44:58 +00:00
auth.go update #9066 Always show Password field on link account sign in page (#9147) 2019-11-24 15:17:53 -05:00
auth_openid.go Move all mail related codes from models to services/mailer (#7200) 2019-09-24 13:02:49 +08:00
avatar.go [BugFix] use default avatar for ghost user (fix 500 error) (#9536) 2019-12-29 16:24:50 +02:00
home.go Fix error logged when repos qs is empty (#9591) 2020-01-03 23:39:12 +02:00
home_test.go Only serve attachments when linked to issue/release and if accessible by user (#9340) 2020-01-05 01:20:08 +02:00
main_test.go
notification.go Improve notification (#8835) 2019-11-12 16:33:34 +08:00
oauth.go
profile.go site admin could view org's members (#9346) 2019-12-14 01:36:59 -05:00