Mirrors/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-12-11 06:34:39 +01:00
Code Issues Activity

Remove redundant Repo.CanWrite checks from action handlers - permissions are enforced at route level

Browse Source
This commit is contained in:
Ross Golder 2025-10-23 22:22:55 +07:00
parent 31cb3617a3
commit 0657d25583
No known key found for this signature in database
GPG Key ID: 253A7E508D2D59CD
1 changed files with 0 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
routers/api/v1/repo/actions_run.go
View File

@ -107,11 +107,6 @@ func RerunWorkflowRun(ctx *context.APIContext) {
// "404": // "404":
// "$ref": "#/responses/notFound" // "$ref": "#/responses/notFound"
if !ctx.Repo.CanWrite(unit.TypeActions) {
ctx.APIError(403, "User does not have write access to actions")
return
}
_, run, err := getRunID(ctx) _, run, err := getRunID(ctx)
if err != nil { if err != nil {
if errors.Is(err, util.ErrNotExist) { if errors.Is(err, util.ErrNotExist) {
@ -192,11 +187,6 @@ func CancelWorkflowRun(ctx *context.APIContext) {
// "404": // "404":
// "$ref": "#/responses/notFound" // "$ref": "#/responses/notFound"
if !ctx.Repo.CanWrite(unit.TypeActions) {
ctx.APIError(403, "User does not have write access to actions")
return
}
runID, _, err := getRunID(ctx) runID, _, err := getRunID(ctx)
if err != nil { if err != nil {
if errors.Is(err, util.ErrNotExist) { if errors.Is(err, util.ErrNotExist) {
@ -293,11 +283,6 @@ func ApproveWorkflowRun(ctx *context.APIContext) {
// "404": // "404":
// "$ref": "#/responses/notFound" // "$ref": "#/responses/notFound"
if !ctx.Repo.CanWrite(unit.TypeActions) {
ctx.APIError(403, "User does not have write access to actions")
return
}
runID, _, err := getRunID(ctx) runID, _, err := getRunID(ctx)
if err != nil { if err != nil {
if errors.Is(err, util.ErrNotExist) { if errors.Is(err, util.ErrNotExist) {
@ -396,11 +381,6 @@ func RerunWorkflowJob(ctx *context.APIContext) {
// "404": // "404":
// "$ref": "#/responses/notFound" // "$ref": "#/responses/notFound"
if !ctx.Repo.CanWrite(unit.TypeActions) {
ctx.APIError(403, "User does not have write access to actions")
return
}
runID, _, err := getRunID(ctx) runID, _, err := getRunID(ctx)
if err != nil { if err != nil {
if errors.Is(err, util.ErrNotExist) { if errors.Is(err, util.ErrNotExist) {