Skip to content

Commit

Permalink
Only delete secrets belonging to its owner (go-gitea#24284)
Browse files Browse the repository at this point in the history
  • Loading branch information
KN4CK3R authored and GiteaBot committed Apr 23, 2023
1 parent 077160b commit adc774c
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 2 deletions.
2 changes: 2 additions & 0 deletions routers/web/org/setting_secrets.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ func SecretsPost(ctx *context.Context) {
func SecretsDelete(ctx *context.Context) {
shared.PerformSecretsDelete(
ctx,
ctx.ContextUser.ID,
0,
ctx.Org.OrgLink+"/settings/secrets",
)
}
2 changes: 2 additions & 0 deletions routers/web/repo/setting_secrets.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@ func SecretsPost(ctx *context.Context) {
func DeleteSecret(ctx *context.Context) {
shared.PerformSecretsDelete(
ctx,
0,
ctx.Repo.Repository.ID,
ctx.Repo.RepoLink+"/settings/secrets",
)
}
4 changes: 2 additions & 2 deletions routers/web/shared/secrets/secrets.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,10 @@ func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL
ctx.Redirect(redirectURL)
}

func PerformSecretsDelete(ctx *context.Context, redirectURL string) {
func PerformSecretsDelete(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
id := ctx.FormInt64("id")

if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil {
if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id, OwnerID: ownerID, RepoID: repoID}); err != nil {
log.Error("Delete secret %d failed: %v", id, err)
ctx.Flash.Error(ctx.Tr("secrets.deletion.failed"))
} else {
Expand Down
2 changes: 2 additions & 0 deletions routers/web/user/setting/secrets.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ func SecretsPost(ctx *context.Context) {
func SecretsDelete(ctx *context.Context) {
shared.PerformSecretsDelete(
ctx,
ctx.Doer.ID,
0,
setting.AppSubURL+"/user/settings/secrets",
)
}

0 comments on commit adc774c

Please sign in to comment.