bug: fix comment update permision check

No the ui only allow poster to update or delet comment, which is not reasonable and different with handle logic, this pr change it to allow poster of comment do it ref code: https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1636 https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1681 fix go-gitea#11663 Signed-off-by: a1012112796 <[email protected]>
a1012112796 · May 29, 2020 · c91304f · c91304f
1 parent 8730b09
commit c91304f
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 4 deletions.
diff --git a/models/issue_comment.go b/models/issue_comment.go
@@ -177,6 +177,8 @@ type Comment struct {
  NewCommit string `xorm:"-"`
  CommitsNum int64 `xorm:"-"`
  IsForcePush bool `xorm:"-"`
+
+ IsCommentPoster bool `xorm:"-"`
 }
 
 // PushActionContent is content of push pull comment

diff --git a/routers/repo/issue.go b/routers/repo/issue.go
@@ -919,6 +919,8 @@ func ViewIssue(ctx *context.Context) {
  return
  }
 
+ comment.IsCommentPoster = ctx.IsSigned && (ctx.User.ID == comment.PosterID)
+
  if comment.Type == models.CommentTypeComment {
  if err := comment.LoadAttachments(); err != nil {
  ctx.ServerError("LoadAttachments", err)

diff --git a/templates/repo/diff/comments.tmpl b/templates/repo/diff/comments.tmpl
@@ -31,7 +31,7 @@
  {{end}}
  {{end}}
  {{template "repo/issue/view_content/add_reaction" Dict "ctx" $ "ActionURL" (Printf "%s/comments/%d/reactions" $.root.RepoLink .ID) }}
- {{template "repo/issue/view_content/context_menu" Dict "ctx" $.root "item" . "delete" true "diff" true }}
+ {{template "repo/issue/view_content/context_menu" Dict "ctx" $.root "item" . "delete" true "diff" true "IsCommentPoster" .IsCommentPoster}}
  </div>
  </div>
  <div class="ui attached segment">

diff --git a/templates/repo/issue/view_content.tmpl b/templates/repo/issue/view_content.tmpl
@@ -41,7 +41,7 @@
  {{if not $.Repository.IsArchived}}
  <div class="ui right actions">
  {{template "repo/issue/view_content/add_reaction" Dict "ctx" $ "ActionURL" (Printf "%s/issues/%d/reactions" $.RepoLink .Issue.Index)}}
- {{template "repo/issue/view_content/context_menu" Dict "ctx" $ "item" .Issue "delete" false "diff" false }}
+ {{template "repo/issue/view_content/context_menu" Dict "ctx" $ "item" .Issue "delete" false "diff" false "IsCommentPoster" $.IsIssuePoster}}
  </div>
  {{end}}
  </div>

diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
@@ -39,7 +39,7 @@
  </div>
  {{end}}
  {{template "repo/issue/view_content/add_reaction" Dict "ctx" $ "ActionURL" (Printf "%s/comments/%d/reactions" $.RepoLink .ID)}}
- {{template "repo/issue/view_content/context_menu" Dict "ctx" $ "item" . "delete" true "diff" false }}
+ {{template "repo/issue/view_content/context_menu" Dict "ctx" $ "item" . "delete" true "diff" false "IsCommentPoster" .IsCommentPoster}}
  </div>
  {{end}}
  </div>

diff --git a/templates/repo/issue/view_content/context_menu.tmpl b/templates/repo/issue/view_content/context_menu.tmpl
@@ -10,7 +10,7 @@
  <div class="item context clipboard" data-clipboard-text="{{Printf "%s%s/issues/%d#%s" AppUrl .ctx.Repository.FullName .ctx.Issue.Index .item.HashTag}}">{{.ctx.i18n.Tr "repo.issues.context.copy_link"}}</div>
  {{end}}
  <div class="item context quote-reply {{if .diff}}quote-reply-diff{{end}}" data-target="{{.item.ID}}">{{.ctx.i18n.Tr "repo.issues.context.quote_reply"}}</div>
- {{if or .ctx.Permission.IsAdmin .ctx.IsIssuePoster .ctx.HasIssuesOrPullsWritePermission}}
+ {{if or .ctx.Permission.IsAdmin .IsCommentPoster .ctx.HasIssuesOrPullsWritePermission}}
  <div class="divider"></div>
  <div class="item context edit-content">{{.ctx.i18n.Tr "repo.issues.context.edit"}}</div>
  {{if .delete}}