Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix permissions for Token DELETE endpoint to match GET and POST #27610

Merged
merged 2 commits into from
Oct 14, 2023
Merged

Fix permissions for Token DELETE endpoint to match GET and POST #27610

merged 2 commits into from
Oct 14, 2023

Conversation

evantobin
Copy link
Contributor

@evantobin evantobin commented Oct 13, 2023
edited
Loading

Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow admins to create and view tokens in other accounts. However, the same functionality was not added to the DELETE endpoint. This PR makes the DELETE endpoint function the same as the other token endpoints and adds unit tests

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Oct 13, 2023
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 13, 2023
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Oct 13, 2023
@evantobin evantobin changed the title Fix permissions for Token DELETE endpoint to match Fix permissions for Token DELETE endpoint to match GET and POST Oct 13, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Oct 14, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Oct 14, 2023
@6543 6543 added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Oct 14, 2023
@6543 6543 enabled auto-merge (squash) October 14, 2023 07:30
@6543 6543 merged commit ae419fa into go-gitea:main Oct 14, 2023
25 checks passed
@GiteaBot GiteaBot added this to the 1.22.0 milestone Oct 14, 2023
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Oct 14, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Oct 16, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
6454a58 
* giteaofficial/main:
  [skip ci] Updated licenses and gitignores
  Improve retrying index issues (go-gitea#27554)
  Replace more db.DefaultContext (go-gitea#27628)
  Fix 404 when there is an internal version of package (go-gitea#27615)
  [skip ci] Updated translations via Crowdin
  Add anchor to review types (go-gitea#26894)
  Update readme to remove drone svg (go-gitea#27624)
  Change the default branch in the agit docs (go-gitea#27621)
  Final round of `db.DefaultContext` refactor (go-gitea#27587)
  Fix permissions for Token DELETE endpoint to match GET and POST (go-gitea#27610)
  Enhanced auth token / remember me (go-gitea#27606)
  [skip ci] Updated translations via Crowdin
  rm outdated docs from some languages (go-gitea#27530)
  Upgrade go dependencies (go-gitea#27599)
  Fix build errors on BSD (in BSDMakefile) (go-gitea#27594)
  Enable shorthands in `declaration-strict-value` linter (go-gitea#27597)
  [skip ci] Updated translations via Crowdin
  Make disk clean action a bit more robust (go-gitea#27590)
@wxiaoguang wxiaoguang added the backport/v1.21 This PR should be backported to Gitea 1.21 label Nov 16, 2023
@GiteaBot GiteaBot mentioned this pull request Nov 17, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Nov 17, 2023
@evantobin @GiteaBot
Fix permissions for Token DELETE endpoint to match GET and POST (go-g…
99b18f8 
…itea#27610)

Fixes go-gitea#27598

In go-gitea#27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Nov 17, 2023
lunny pushed a commit that referenced this pull request Nov 17, 2023
@GiteaBot @evantobin
Fix permissions for Token DELETE endpoint to match GET and POST (#27610
93ede4b 
…) (#28099)

Backport #27610 by @evantobin

Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds
unit tests

Co-authored-by: Evan Tobin <me@evantob.in>
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jan 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lng2020 lng2020 lng2020 approved these changes

@CaiCandong CaiCandong CaiCandong approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/v1.21 This PR should be backported to Gitea 1.21 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
1.22.0
Development

Successfully merging this pull request may close these issues.

Token Deletion Endpoint Ignores Specified Account
6 participants
@evantobin @CaiCandong @lng2020 @wxiaoguang @GiteaBot @6543