nune/gitea
nune/gitea
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Fix bug when a token is given public only (#32204)

Browse source
This commit is contained in:
Lunny Xiao 2024-10-08 17:51:09 +08:00 committed by GitHub
parent d3ada91ea4
commit d6d3c96e65
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 178 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

14
routers/api/packages/api.go
View file

@ -63,6 +63,20 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
ctx.Error(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")
return
}
// check if scope only applies to public resources
publicOnly, err := scope.PublicOnly()
if err != nil {
ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
return
}
if publicOnly {
if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {
ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public packages")
return
}
}
}
}