mirror of
				https://gitcode.com/gitea/gitea.git
				synced 2025-10-25 12:26:40 +08:00 
			
		
		
		
	fix permission check for creating comment while mail (#22524)
only creating comment on locked issue request write permission, for others, read permission is enough. related to https://github.com/go-gitea/gitea/pull/22056 /cc @KN4CK3R --------- Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
		| @ -71,11 +71,17 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	if !perm.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsLocked && !doer.IsAdmin { | ||||
| 	// Locked issues require write permissions | ||||
| 	if issue.IsLocked && !perm.CanWriteIssuesOrPulls(issue.IsPull) && !doer.IsAdmin { | ||||
| 		log.Debug("can't write issue or pull") | ||||
| 		return nil | ||||
| 	} | ||||
|  | ||||
| 	if !perm.CanReadIssuesOrPulls(issue.IsPull) { | ||||
| 		log.Debug("can't read issue or pull") | ||||
| 		return nil | ||||
| 	} | ||||
|  | ||||
| 	switch r := ref.(type) { | ||||
| 	case *issues_model.Issue: | ||||
| 		attachmentIDs := make([]string, 0, len(content.Attachments)) | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 a1012112796
					a1012112796