ctx.Repo.CanWrite has ctx.User.IsAdmin in It

6543 · 6543 · commit fdf7965d31b8 · 2020-01-02T08:18:17.000+01:00
diff --git a/routers/api/v1/repo/issue_reaction.go b/routers/api/v1/repo/issue_reaction.go
@@ -55,7 +55,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Repo.CanRead(models.UnitTypeIssues) && !ctx.User.IsAdmin {
+	if !ctx.Repo.CanRead(models.UnitTypeIssues) {
 		ctx.Error(http.StatusForbidden, "GetIssueCommentReactions", errors.New("no permission to get reactions"))
 		return
 	}
@@ -179,7 +179,7 @@ func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOp
 		ctx.Error(http.StatusInternalServerError, "comment.LoadIssue() failed", err)
 	}
 
-	if comment.Issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {
+	if comment.Issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) {
 		ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction"))
 		return
 	}
@@ -261,7 +261,7 @@ func GetIssueReactions(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Repo.CanRead(models.UnitTypeIssues) && !ctx.User.IsAdmin {
+	if !ctx.Repo.CanRead(models.UnitTypeIssues) {
 		ctx.Error(http.StatusForbidden, "GetIssueReactions", errors.New("no permission to get reactions"))
 		return
 	}
@@ -380,7 +380,7 @@ func changeIssueReaction(ctx *context.APIContext, form api.EditReactionOption, i
 		return
 	}
 
-	if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {
+	if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) {
 		ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction"))
 		return
 	}

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) {`
`55`	`55`	`return`
`56`	`56`	`}`
`57`	`57`
`58`		`- if !ctx.Repo.CanRead(models.UnitTypeIssues) && !ctx.User.IsAdmin {`
	`58`	`+ if !ctx.Repo.CanRead(models.UnitTypeIssues) {`
`59`	`59`	`ctx.Error(http.StatusForbidden, "GetIssueCommentReactions", errors.New("no permission to get reactions"))`
`60`	`60`	`return`
`61`	`61`	`}`
`@@ -179,7 +179,7 @@ func changeIssueCommentReaction(ctx *context.APIContext, form api.EditReactionOp`
`179`	`179`	`ctx.Error(http.StatusInternalServerError, "comment.LoadIssue() failed", err)`
`180`	`180`	`}`
`181`	`181`
`182`		`- if comment.Issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {`
	`182`	`+ if comment.Issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) {`
`183`	`183`	`ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction"))`
`184`	`184`	`return`
`185`	`185`	`}`
`@@ -261,7 +261,7 @@ func GetIssueReactions(ctx *context.APIContext) {`
`261`	`261`	`return`
`262`	`262`	`}`
`263`	`263`
`264`		`- if !ctx.Repo.CanRead(models.UnitTypeIssues) && !ctx.User.IsAdmin {`
	`264`	`+ if !ctx.Repo.CanRead(models.UnitTypeIssues) {`
`265`	`265`	`ctx.Error(http.StatusForbidden, "GetIssueReactions", errors.New("no permission to get reactions"))`
`266`	`266`	`return`
`267`	`267`	`}`
`@@ -380,7 +380,7 @@ func changeIssueReaction(ctx *context.APIContext, form api.EditReactionOption, i`
`380`	`380`	`return`
`381`	`381`	`}`
`382`	`382`
`383`		`- if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) && !ctx.User.IsAdmin {`
	`383`	`+ if issue.IsLocked && !ctx.Repo.CanWrite(models.UnitTypeIssues) {`
`384`	`384`	`ctx.Error(http.StatusForbidden, "ChangeIssueCommentReaction", errors.New("no permission to change reaction"))`
`385`	`385`	`return`
`386`	`386`	`}`