Fix API for edit and delete release attachment (#8290)

* Add logging for when user requested attachment doesn't belong to the specified release.

* Fix API to use correct variable for release asset (attachment)
This commit is contained in:
David Svantesson 2019-09-26 15:16:47 +02:00 committed by Lunny Xiao
parent e51d91a258
commit 7156e2a71a
1 changed files with 6 additions and 2 deletions

View File

@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/models" "code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
@ -57,6 +58,7 @@ func GetReleaseAttachment(ctx *context.APIContext) {
return return
} }
if attach.ReleaseID != releaseID { if attach.ReleaseID != releaseID {
log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound() ctx.NotFound()
return return
} }
@ -256,13 +258,14 @@ func EditReleaseAttachment(ctx *context.APIContext, form api.EditAttachmentOptio
// Check if release exists an load release // Check if release exists an load release
releaseID := ctx.ParamsInt64(":id") releaseID := ctx.ParamsInt64(":id")
attachID := ctx.ParamsInt64(":attachment") attachID := ctx.ParamsInt64(":asset")
attach, err := models.GetAttachmentByID(attachID) attach, err := models.GetAttachmentByID(attachID)
if err != nil { if err != nil {
ctx.Error(500, "GetAttachmentByID", err) ctx.Error(500, "GetAttachmentByID", err)
return return
} }
if attach.ReleaseID != releaseID { if attach.ReleaseID != releaseID {
log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound() ctx.NotFound()
return return
} }
@ -313,13 +316,14 @@ func DeleteReleaseAttachment(ctx *context.APIContext) {
// Check if release exists an load release // Check if release exists an load release
releaseID := ctx.ParamsInt64(":id") releaseID := ctx.ParamsInt64(":id")
attachID := ctx.ParamsInt64(":attachment") attachID := ctx.ParamsInt64(":asset")
attach, err := models.GetAttachmentByID(attachID) attach, err := models.GetAttachmentByID(attachID)
if err != nil { if err != nil {
ctx.Error(500, "GetAttachmentByID", err) ctx.Error(500, "GetAttachmentByID", err)
return return
} }
if attach.ReleaseID != releaseID { if attach.ReleaseID != releaseID {
log.Info("User requested attachment is not in release, release_id %v, attachment_id: %v", releaseID, attachID)
ctx.NotFound() ctx.NotFound()
return return
} }