forgejo/services
Gusted 0ca5b8496b fix: check read permissions for code owner review requests
- Only send a review request based on the code owner file if the code
owner user has read permissions to the pull requests of that repository.
- This avoids leaking title of PRs from private repository when a
CODEOWNER file is present which contains users that do not have access
to the private repository.
- Found by @oliverpool.
- Integration test added.

(cherry picked from commit 693f7731f9)
2024-11-17 19:19:11 +00:00
..
actions fix: Actions PR workflows must update the commit status 2024-11-04 14:10:27 +00:00
agit fix(agit): run full pr checks on force-push 2024-08-12 09:00:41 +02:00
asymkey Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
attachment Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth bug: correctly generate oauth2 jwt signing key 2024-11-16 17:07:01 +00:00
automerge Fix agit automerge (#31207) 2024-08-25 10:47:37 +02:00
context fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
contexttest [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
convert Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017) 2024-09-14 17:53:55 +02:00
cron Clear up old Actions logs (#31735) 2024-08-04 18:24:10 +02:00
doctor fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
f3 feat: upgrade F3 to v3.7.0 2024-08-18 19:39:20 +02:00
federation feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
feed Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forgejo Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forms [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
gitdiff feat: Improve diff being generated 2024-08-26 13:58:17 +02:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-12 20:03:10 +02:00
issue fix: check read permissions for code owner review requests 2024-11-17 19:19:11 +00:00
lfs feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
mailer fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
markup Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
migrations fix: support www.github.com for migrations 2024-11-03 17:28:30 +00:00
mirror [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
notify Clean up log messages (#30313) 2024-04-15 20:01:35 +02:00
org Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
packages fix arch pkg 2024-10-21 05:10:13 +00:00
pull Fix the logic of finding the latest pull review commit ID (#32139) 2024-10-06 11:34:08 +02:00
release Handle invalid target when creating releases using API (#31841) 2024-09-14 18:45:18 +02:00
remote Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
repository security: add permission check to 'delete branch after merge' 2024-10-28 06:04:45 +00:00
secrets Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
task feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
uinotification Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
user fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
webhook fix: improve discord webhook api conformance 2024-10-09 16:07:34 +00:00
wiki Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00