Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix to allow comment poster to edit or delete his own comments #11671

Merged
merged 11 commits into from
Jun 5, 2020
Merged

Fix to allow comment poster to edit or delete his own comments #11671

merged 11 commits into from
Jun 5, 2020

Conversation

a1012112796
Copy link
Member

Now the ui only allow poster to update or delet comment, which is not reasonable and different with handle logic, this pr change it to allow poster of comment do it.

ref code:

gitea/routers/repo/issue.go

Line 1636 in e895517

if !ctx.IsSigned || (ctx.User.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {

gitea/routers/repo/issue.go

Line 1681 in e895517

if !ctx.IsSigned || (ctx.User.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {

fix #11663

@a1012112796
bug: fix comment update permision check
c91304f 
No the ui only allow poster to update or delet comment, which
is not reasonable and different with handle logic, this pr
change it to allow poster of comment do it

ref code:
https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1636

https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1681

fix go-gitea#11663

Signed-off-by: a1012112796 <[email protected]>
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 29, 2020
lafriks
lafriks requested changes May 29, 2020
View reviewed changes
Copy link
Member

@lafriks lafriks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should be better to add function to context.go:

// IsUser returns true if current user is specified one
func (ctx *Context) IsUser(id int64) bool {
	return ctx.IsSigned && (ctx.User.ID == id)
}

templates/repo/diff/comments.tmpl Outdated Show resolved Hide resolved
@lafriks lafriks added this to the 1.13.0 milestone May 29, 2020
@lafriks lafriks changed the title bug: fix comment update permision check Fix to allow comment poster to edit or delete his own comments May 29, 2020
@a1012112796
Copy link
Member Author

@lafriks I think this style is simpler. Do you think so? Thanks.

@lafriks
Copy link
Member

lafriks commented May 29, 2020

Yes, loogs good now

@lafriks
Copy link
Member

lafriks commented May 29, 2020
edited

What needs to be verified is if SignedUserID for unauthorized user does not equals to ghost/deleted or imported user comment poster id

zeripath
zeripath reviewed May 29, 2020
View reviewed changes
templates/repo/diff/comments.tmpl Outdated Show resolved Hide resolved
templates/repo/issue/view_content/comments.tmpl Outdated Show resolved Hide resolved
@a1012112796
Copy link
Member Author

Please review, Thanks :)

@6543
Copy link
Member

6543 commented Jun 4, 2020

didnt this worked before too?!?

@a1012112796
Copy link
Member Author

didnt this worked before too?!?

No, I have checked, Sadly it can't because of a difference between template file and golang file. Maybe you haven't focused on it because you are admin :) , Thanks

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 4, 2020
@lafriks
Copy link
Member

lafriks commented Jun 4, 2020

make lg-tm work

@lafriks
Copy link
Member

lafriks commented Jun 5, 2020

make it work

@lafriks lafriks merged commit 17f8de7 into go-gitea:master Jun 5, 2020
@lafriks
Copy link
Member

lafriks commented Jun 5, 2020

Please send backport

@a1012112796 a1012112796 deleted the fix_comment_update_perm branch June 5, 2020 14:43
a1012112796 added a commit to a1012112796/gitea that referenced this pull request Jun 5, 2020
@a1012112796 @zeripath @lafriks
Fix to allow comment poster to edit or delete his own comments (go-gi…
ccf3a91 
…tea#11671)

* bug: fix comment update permision check

No the ui only allow poster to update or delet comment, which
is not reasonable and different with handle logic, this pr
change it to allow poster of comment do it

ref code:
https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1636

https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1681

fix go-gitea#11663

Signed-off-by: a1012112796 <[email protected]>

* simplify code

* fix sign in

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
@a1012112796 a1012112796 mentioned this pull request Jun 5, 2020
Merged
@techknowlogick techknowlogick added the backport/done All backports for this PR have been created label Jun 5, 2020
techknowlogick pushed a commit that referenced this pull request Jun 6, 2020
@a1012112796 @zeripath @lafriks
Fix to allow comment poster to edit or delete his own comments (#11671)…
821570c 
… (#11774)

* bug: fix comment update permision check

No the ui only allow poster to update or delet comment, which
is not reasonable and different with handle logic, this pr
change it to allow poster of comment do it

ref code:
https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1636

https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1681

fix #11663

Signed-off-by: a1012112796 <[email protected]>

* simplify code

* fix sign in

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lauris BH <[email protected]>

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
ydelafollye pushed a commit to ydelafollye/gitea that referenced this pull request Jul 31, 2020
@a1012112796 @zeripath @lafriks
Fix to allow comment poster to edit or delete his own comments (go-gi…
dd5983f 
…tea#11671)

* bug: fix comment update permision check

No the ui only allow poster to update or delet comment, which
is not reasonable and different with handle logic, this pr
change it to allow poster of comment do it

ref code:
https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1636

https://github.com/go-gitea/gitea/blob/e8955173a9be1acaa9a3755c37b6059422acda20/routers/repo/issue.go#L1681

fix go-gitea#11663

Signed-off-by: a1012112796 <[email protected]>

* simplify code

* fix sign in

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zeripath zeripath zeripath left review comments

@lafriks lafriks lafriks approved these changes

@6543 6543 6543 approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.13.0
Development

Successfully merging this pull request may close these issues.

Allow users to edit their own comments, without needing full Write permission
6 participants
@a1012112796 @lafriks @6543 @zeripath @techknowlogick @GiteaBot