mirror of https://github.com/go-gitea/gitea.git synced 2026-02-15 03:42:53 +01:00
Excellencedev 2026-01-16 19:27:02 +01:00
parent 2317080cdd
commit 130b94b75c


@ -90,6 +90,8 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
// 2. If not, check cross-repo policy (currently only for Orgs).
taskID, ok := ctx.Data["ActionsTaskID"].(int64)
log.Error("DEBUG: reqPackageAccess: isActionsToken=%v, TaskID=%d", isActionsToken, taskID)
if ok && taskID > 0 {
task, err := actions_model.GetTaskByID(ctx, taskID)
if err != nil {
@ -118,6 +120,8 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
}
}
log.Error("DEBUG: packageRepoID=%d, task.RepoID=%d", packageRepoID, task.RepoID)
if packageRepoID == 0 {
ctx.HTTPError(http.StatusForbidden, "reqPackageAccess", "Actions tokens cannot access packages not linked to a repository")
return
@ -157,6 +161,7 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
// Cross-repository access: strictly Read-only even if token/policy allow more
grantedMode = perm.AccessModeRead
}
log.Error("DEBUG: grantedMode=%d, accessMode=%d", grantedMode, accessMode)
// If all security checks pass, ensure the context has at least the granted permission.
// This effectively "boosts" the Actions token's permissions for the targeted package.
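Review bot: The three added `log.Error("DEBUG: ...")` calls in reqPackageAccess look like leftover debugging and should not ship in this form. They sit after the `ActionsTaskID` lookup, before the `packageRepoID == 0` check, and after `grantedMode` is set, so they write at error level on every request that reaches them. In an authorization path that floods the error log with non-errors and can bury the real failures operators alert on. Either drop them before merge or, if the trace is worth keeping, lower the level and remove the prefix, e.g. `log.Debug("reqPackageAccess: grantedMode=%d, accessMode=%d", grantedMode, accessMode)`. The first message also prints `taskID` before `ok` is checked, so a failed type assertion shows up as `TaskID=0`; including `ok` in that line would make it unambiguous. The body of reqPackageAccess starts and ends outside these hunks.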