Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nuke the incorrect permission report on /api/v1/notifications #19761

Merged
merged 2 commits into from
May 20, 2022
Merged

Nuke the incorrect permission report on /api/v1/notifications #19761

merged 2 commits into from
May 20, 2022

Conversation

zeripath
Copy link
Contributor

The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix #19759

Signed-off-by: Andrew Thornton [email protected]

@zeripath
Nuke the incorrect permission report on /api/v1/notifications
4b987c0 
The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix go-gitea#19759

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath added this to the 1.17.0 milestone May 19, 2022
@zeripath
Copy link
Contributor Author

Although a bug - I don't believe this is worth backporting to 1.16.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 19, 2022
@qwerty287
Copy link
Contributor

I'm not sure if this is the best way to fix it. Resolving permissions correctly would be much more useful for clients, and just returning null is a bad way for clients expecting the value. Even if they recognize it, they have to make a different request. Why not include it directly?

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 20, 2022
@6543
Copy link
Member

6543 commented May 20, 2022

I'm not sure if this is the best way to fix it. Resolving permissions correctly would be much more useful for clients, and just returning null is a bad way for clients expecting the value. Even if they recognize it, they have to make a different request. Why not include it directly?

this is a nixe quickfix - else we should cache repo permissions and calc them per repoID only once ... then assign it tho all of them as we nill them atm

@wxiaoguang wxiaoguang added the pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! label May 20, 2022
wxiaoguang
wxiaoguang approved these changes May 20, 2022
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, since the API result changed, maybe it could be marked as breaking. (marking as no-breaking is also fine to me)

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 20, 2022
6543
6543 requested changes May 20, 2022
View reviewed changes
Copy link
Member

@6543 6543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as per #19761 (comment)

@6543 6543 added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. labels May 20, 2022
@qwerty287
Copy link
Contributor

If you think this is better, just merge it.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 20, 2022
@6543
Copy link
Member

6543 commented May 20, 2022

...

@6543 6543 merged commit a9af93c into go-gitea:main May 20, 2022
@zeripath zeripath deleted the nuke-incorrect-permission branch May 20, 2022 18:55
zjjhot added a commit to zjjhot/gitea that referenced this pull request May 21, 2022
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
788c3c5 
* giteaofficial/main:
  Prevent NPE when cache service is disabled (go-gitea#19703)
  Detect truncated utf-8 characters at the end of content as still representing utf-8 (go-gitea#19773)
  Add silentcodeg to MAINTAINERS (go-gitea#19771)
  Allows repo search to match against "owner/repo" pattern strings (go-gitea#19754)
  Update JS dependencies (go-gitea#19767)
  Nuke the incorrect permission report on /api/v1/notifications (go-gitea#19761)
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 24, 2022
@zeripath @AbdulrhmnGhanem
Nuke the incorrect permission report on /api/v1/notifications (go-git…
5cbb19b 
…ea#19761)

The permissions created in convertRepo use a minimal perm.AccessModeRead instead of
correctly computing the permission for the repository. This incorrect permission is
then reported to the user.

I do not believe that reporting the permissions is helpful and therefore I propose
we simply null these out. The user can check their permissions using a different
endpoint.

Fix go-gitea#19759

Signed-off-by: Andrew Thornton <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@6543 6543 6543 approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. pr/breaking Merging this PR means builds will break. Needs a description what exactly breaks, and how to fix it! type/bug
Projects
None yet
Milestone
1.17.0
Development

Successfully merging this pull request may close these issues.

[API] incorrect permission values of repos if using notifications endpoints
5 participants
@zeripath @qwerty287 @6543 @wxiaoguang @GiteaBot