-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix get reviewers' bug #32415
base: main
Are you sure you want to change the base?
Fix get reviewers' bug #32415
Conversation
services/pull/reviewer.go
Outdated
if repo.Owner.Visibility.IsLimited() && doerID == 0 { | ||
return nil, fmt.Errorf("permission denied") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
permission check in services? not in router?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, why not. Because we need to load something and then check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First of all, the permission check I said above is the permission of access, not the permission of edit/update/create
For the access permission, if I understand correctly, the access control is in router or the handler, not in service.
The correct logic should be something like this I think:
router -> handler -x> services -> ...
↑ or ↑
access check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And the permission check can be in another way, instead of finding all possible users and then check whether doer is in the results or not, just check whether user has the permission to access the repo(and PR?) directly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
This PR rewrites
GetReviewer
function and move it to service layer.Reviewers should not be watchers, so that this PR removed all watchers from reviewers. When the repository is under an organization, the pull request unit read permission will be checked to resolve the bug of #32394
Fix #32394