From 793b45d1d6d2fe91281c870a2ad820c428545579 Mon Sep 17 00:00:00 2001
From: t-h-i-s <233791980+t-h-i-s@users.noreply.github.com>
Date: Thu, 25 Sep 2025 14:58:07 +0200
Subject: [PATCH] routers/api/v1/repo/issue.go: prohibit set of due date for
 restricted users in swagger API

---
 routers/api/v1/repo/issue.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index b11e889eb5..22b7bda6ac 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -845,6 +845,11 @@ func EditIssue(ctx *context.APIContext) {
 
 	// Update or remove the deadline, only if set and allowed
 	if (form.Deadline != nil || form.RemoveDeadline != nil) && canWrite {
+		if ctx.Doer.IsRestricted && !setting.RestrictedUser.AllowEditDueDate {
+			ctx.APIError(http.StatusForbidden, "restricted users cannot modify due dates")
+			return
+		}
+
 		var deadlineUnix timeutil.TimeStamp
 
 		if form.RemoveDeadline == nil || !*form.RemoveDeadline {