Skip to content

[API] incorrect permission values of repos if using notifications endpoints #19759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
qwerty287 opened this issue May 19, 2022 · 3 comments · Fixed by #19761
Closed

[API] incorrect permission values of repos if using notifications endpoints #19759

qwerty287 opened this issue May 19, 2022 · 3 comments · Fixed by #19761
Labels
type/bug

Comments

@qwerty287
Copy link
Contributor

Description

Requesting a notification endpoint returns wrong values of the permission object.
It always looks like:

{
    "admin": false,
    "push": false,
    "pull": true
}

even if I own the repo where it should be

{
    "admin": true,
    "push": true,
    "pull": true
}

Gitea Version

1.17.0 (also on try.gitea.io)

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

build from source, from CLI

Database

No response
@zeripath
Copy link
Contributor

zeripath commented May 19, 2022
edited
Loading

a notification endpoint

Which one? I need an URL.

@qwerty287
Copy link
Contributor Author

Just the list endpoint for example <instance>/api/v1/notifications.

zeripath added a commit to zeripath/gitea that referenced this issue May 19, 2022
@zeripath
Nuke the incorrect permission report on /api/v1/notifications
4b987c0 
The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix go-gitea#19759

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath mentioned this issue May 19, 2022
Merged
@zeripath
Copy link
Contributor

I think reporting the permission here is a mistake and we should not report it.

6543 pushed a commit that referenced this issue May 20, 2022
@zeripath
Nuke the incorrect permission report on /api/v1/notifications (#19761)
a9af93c 
The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix #19759

Signed-off-by: Andrew Thornton <[email protected]>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 24, 2022
@zeripath @AbdulrhmnGhanem
Nuke the incorrect permission report on /api/v1/notifications (go-git…
5cbb19b 
…ea#19761)

The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix go-gitea#19759

Signed-off-by: Andrew Thornton <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Nuke the incorrect permission report on /api/v1/notifications zeripath/gitea
2 participants
@zeripath @qwerty287