From 7849bd0ebf7032332e9accaa6a8678de39b7c33b Mon Sep 17 00:00:00 2001 From: yystopf Date: Tue, 21 Dec 2021 10:16:29 +0800 Subject: [PATCH 1/2] fix: remove pr permission --- app/controllers/pull_requests_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/pull_requests_controller.rb b/app/controllers/pull_requests_controller.rb index 284c894ba..bd9ae7701 100644 --- a/app/controllers/pull_requests_controller.rb +++ b/app/controllers/pull_requests_controller.rb @@ -56,7 +56,7 @@ class PullRequestsController < ApplicationController end def create - return normal_status(-1, "您不是目标分支开发者,没有权限,请联系目标分支作者.") unless @project.operator?(current_user) + # return normal_status(-1, "您不是目标分支开发者,没有权限,请联系目标分支作者.") unless @project.operator?(current_user) ActiveRecord::Base.transaction do @pull_request, @gitea_pull_request = PullRequests::CreateService.call(current_user, @owner, @project, params) if @gitea_pull_request[:status] == :success From 45a77e5c0798b32698a7122516e5ed59a98daa7f Mon Sep 17 00:00:00 2001 From: yystopf Date: Tue, 21 Dec 2021 14:24:27 +0800 Subject: [PATCH 2/2] fix: readme private file path use authorize --- app/helpers/repositories_helper.rb | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/app/helpers/repositories_helper.rb b/app/helpers/repositories_helper.rb index 21ab6fb4a..7eaf5fbda 100644 --- a/app/helpers/repositories_helper.rb +++ b/app/helpers/repositories_helper.rb @@ -45,7 +45,7 @@ module RepositoriesHelper end end - def readme_render_decode64_content(str, path) + def readme_render_decode64_content(str, owner, repo, ref) return nil if str.blank? begin content = Base64.decode64(str).force_encoding('UTF-8') @@ -63,13 +63,14 @@ module RepositoriesHelper if remove_title.length > 0 r_content = r_content.gsub(/#{remove_title[0]}/, "").strip end - if r_content.include?("?") - new_r_content = r_content + "&raw=true" - else - new_r_content = r_content + "?raw=true" - end + # if r_content.include?("?") + # new_r_content = r_content + "&raw=true" + # else + # new_r_content = r_content + "?raw=true" + # end unless r_content.include?("http://") || r_content.include?("https://") || r_content.include?("mailto:") - new_r_content = "#{path}" + new_r_content + # new_r_content = "#{path}" + new_r_content + new_r_content = [base_url, "/api/#{owner&.login}/#{repo.identifier}/raw?filepath=#{r_content}&ref=#{ref}"].join end content = content.gsub(/#{r_content}/, new_r_content) end @@ -94,7 +95,7 @@ module RepositoriesHelper def decode64_content(entry, owner, repo, ref, path=nil) if is_readme?(entry['type'], entry['name']) content = Gitea::Repository::Entries::GetService.call(owner, repo.identifier, URI.escape(entry['path']), ref: ref)['content'] - readme_render_decode64_content(content, path) + readme_render_decode64_content(content, owner, repo, ref) else file_type = File.extname(entry['name'].to_s)[1..-1] if image_type?(file_type)