bug:fix add assignees permission bug on New PR from forked repo

In gitea now seting, only users have write permission can add Assignees, but if a user who don't have write permission also can add Assignees when they creat a Pull Request from a forked repo ,Because It haven't check the permission, so it's a bug. This PR should fix this bug by add a check for write permission. two other small changes: * hide gear on new PR page when it's not necessary like go-gitea#10750, * remove some unusefull comments. Signed-off-by: a1012112796 <[email protected]>
a1012112796 · Mar 27, 2020 · e7b55b4 · e7b55b4
1 parent a3f9094
commit e7b55b4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 26 deletions.
diff --git a/routers/repo/compare.go b/routers/repo/compare.go
@@ -427,6 +427,8 @@ func CompareDiff(ctx *context.Context) {
  return
  }
 
+ ctx.Data["IsIssueWriter"] = ctx.Repo.CanWriteIssuesOrPulls(true)
+
  ctx.Data["Title"] = "Comparing " + base.ShortSha(beforeCommitID) + "..." + base.ShortSha(afterCommitID)
 
  ctx.Data["IsRepoToolbarCommits"] = true

diff --git a/templates/repo/issue/new_form.tmpl b/templates/repo/issue/new_form.tmpl
@@ -41,7 +41,9 @@
  <div class="ui {{if not .Labels}}disabled{{end}} floating jump select-label dropdown">
  <span class="text">
  <strong>{{.i18n.Tr "repo.issues.new.labels"}}</strong>
- {{svg "octicon-gear" 16}}
+ {{if .Labels}}
+ {{svg "octicon-gear" 16}}
+ {{end}}
  </span>
  <div class="filter menu" data-id="#label_ids">
  <div class="no-select item">{{.i18n.Tr "repo.issues.new.clear_labels"}}</div>
@@ -64,7 +66,9 @@
  <div class="ui {{if not (or .OpenMilestones .ClosedMilestones)}}disabled{{end}} floating jump select-milestone dropdown">
  <span class="text">
  <strong>{{.i18n.Tr "repo.issues.new.milestone"}}</strong>
- {{svg "octicon-gear" 16}}
+ {{if or .OpenMilestones .ClosedMilestones}}
+ {{svg "octicon-gear" 16}}
+ {{end}}
  </span>
  <div class="menu">
  <div class="no-select item">{{.i18n.Tr "repo.issues.new.clear_milestone"}}</div>
@@ -102,10 +106,12 @@
  <div class="ui divider"></div>
 
  <input id="assignee_ids" name="assignee_ids" type="hidden" value="{{.assignee_ids}}">
- <div class="ui {{if not .Assignees}}disabled{{end}} floating jump select-assignees dropdown">
+ <div class="ui {{if or (not .IsIssueWriter) (not .Assignees)}}disabled{{end}} floating jump select-assignees dropdown">
  <span class="text">
  <strong>{{.i18n.Tr "repo.issues.new.assignees"}}</strong>
- {{svg "octicon-gear" 16}}
+ {{if and .IsIssueWriter .Assignees}}
+ {{svg "octicon-gear" 16}}
+ {{end}}
  </span>
  <div class="filter menu" data-id="#assignee_ids">
  <div class="no-select item">{{.i18n.Tr "repo.issues.new.clear_assignees"}}</div>
@@ -129,28 +135,6 @@
  </a>
  {{end}}
  </div>
-
- <!-- input id="assignee_ids" name="assignee_ids" type="hidden" value="{{.assignee_id}}">
- <div class="ui {{if not .Assignees}}disabled{{end}} floating jump select-assignee dropdown">
- <span class="text">
- <strong>{{.i18n.Tr "repo.issues.new.assignees"}}</strong>
- <span class="octicon octicon-gear"></span>
- </span>
- <div class="filter menu">
- <div class="no-select item">{{.i18n.Tr "repo.issues.new.clear_assignees"}}</div>
- {{range .Assignees}}
- <div class="item" data-id="{{.ID}}" data-href="{{$.RepoLink}}/issues?assignee={{.ID}}" data-avatar="{{.RelAvatarLink}}"><img src="{{.RelAvatarLink}}"> {{.Name}}</div>
- {{end}}
- </div>
- </div>
- <div class="ui select-assignee list">
- <span class="no-select item {{if .Assignee}}hide{{end}}">{{.i18n.Tr "repo.issues.new.no_assignees"}}</span>
- <div class="selected">
- {{if .Assignee}}
- <a class="item" href="{{.RepoLink}}/issues?assignee={{.Assignee.ID}}"><img class="ui avatar image" src="{{.Assignee.RelAvatarLink}}"> {{.Assignee.Name}}</a>
- {{end}}
- </div>
- </div>-->
  </div>
  </div>
 </form>