(refs #1286) Bugfix

2025-11-15 18:05:50 +01:00 · 2016-11-08 02:28:50 +09:00
parent d70c6cece7
commit 9eb9fc666c
4 changed files with 22 additions and 17 deletions
--- a/src/main/scala/gitbucket/core/controller/IssuesController.scala
+++ b/src/main/scala/gitbucket/core/controller/IssuesController.scala
@@ -78,6 +78,7 @@ trait IssuesControllerBase extends ControllerBase {
  })

  get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
      defining(repository.owner, repository.name){ case (owner, name) =>
        html.create(
          getAssignableUserNames(owner, name),
@@ -86,13 +87,13 @@ trait IssuesControllerBase extends ControllerBase {
          hasWritePermission(owner, name, context.loginAccount),
          repository)
      }
+    } else Unauthorized()
  })

  post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
      defining(repository.owner, repository.name){ case (owner, name) =>
        val manageable = isManageable(repository)
-      val editable = isEditable(repository)
-      if(editable) {
        val userName = context.loginAccount.get.userName

        // insert issue
@@ -129,8 +130,8 @@ trait IssuesControllerBase extends ControllerBase {
        }

        redirect(s"/${owner}/${name}/issues/${issueId}")
-      } else Unauthorized()
      }
+    } else Unauthorized()
  })

  ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
--- a/src/main/scala/gitbucket/core/service/RepositoryService.scala
+++ b/src/main/scala/gitbucket/core/service/RepositoryService.scala
@@ -38,7 +38,7 @@ trait RepositoryService { self: AccountService =>
        parentUserName       = parentUserName,
        parentRepositoryName = parentRepositoryName,
        options              = RepositoryOptions(
-          issuesOption         = "PRIVATE", // TODO DISABLE for the forked repository?
+          issuesOption         = "PUBLIC", // TODO DISABLE for the forked repository?
          externalIssuesUrl    = None,
          wikiOption           = "PUBLIC", // TODO DISABLE for the forked repository?
          externalWikiUrl      = None,
--- a/src/main/scala/gitbucket/core/util/Authenticator.scala
+++ b/src/main/scala/gitbucket/core/util/Authenticator.scala
@@ -90,6 +90,8 @@ trait AdminAuthenticator { self: ControllerBase =>

 /**
 * Allows only collaborators and administrators.
+ *
+ * TODO This authenticator should be renamed.
 */
 trait CollaboratorsAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
  protected def collaboratorsOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
--- a/src/main/twirl/gitbucket/core/issues/issue.scala.html
+++ b/src/main/twirl/gitbucket/core/issues/issue.scala.html
@@ -15,7 +15,9 @@
        @if(isManageable || context.loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)){
          <a class="btn btn-default" href="#" id="edit">Edit</a>
        }
+        @if(isEditable){
          <a class="btn btn-success" href="@helpers.url(repository)/issues/new">New issue</a>
+        }
      </div>
      <div class="edit-title pull-right" style="display: none;">
        <a class="btn btn-success" href="#" id="update">Save</a>  <a class="btn btn-default" href="#" id="cancel">Cancel</a>
@@ -57,7 +59,7 @@
    </div>
  }
 }
-<script>
+<script><script>
 $(function(){
  $('#edit').click(function(){
    $('.edit-title').show();