From 04771b5ff79152a47aecce4b2b445daa4a96da33 Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Fri, 1 Sep 2023 23:35:38 +0800 Subject: [PATCH] Allow users with write permissions for issues to add attachments with API (#26837) Fixes #24944 Since a user with write permissions for issues can add attachments to an issue via the the web interface, the user should also be able to add attachments via the API --- routers/api/v1/repo/issue_attachment.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/api/v1/repo/issue_attachment.go b/routers/api/v1/repo/issue_attachment.go index ad83c206d..c689e70a0 100644 --- a/routers/api/v1/repo/issue_attachment.go +++ b/routers/api/v1/repo/issue_attachment.go @@ -344,7 +344,7 @@ func getIssueAttachmentSafeRead(ctx *context.APIContext, issue *issues_model.Iss } func canUserWriteIssueAttachment(ctx *context.APIContext, issue *issues_model.Issue) bool { - canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) + canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) if !canEditIssue { ctx.Error(http.StatusForbidden, "", "user should have permission to write issue") return false