afan
/
gitea
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
gitea源码
3 Commits
2 Branches
Tag: 6d2efddf43
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 6d2efddf43
${ noResults }
gitea/routers/api/v1/repo/issue_attachment.go

issue_attachment.go 10KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package repo

  5. 

  6. import (

  7. 	"net/http"

  8. 

  9. 	issues_model "code.gitea.io/gitea/models/issues"

  10. 	repo_model "code.gitea.io/gitea/models/repo"

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 	api "code.gitea.io/gitea/modules/structs"

  14. 	"code.gitea.io/gitea/modules/web"

  15. 	attachment_service "code.gitea.io/gitea/services/attachment"

  16. 	"code.gitea.io/gitea/services/context"

  17. 	"code.gitea.io/gitea/services/context/upload"

  18. 	"code.gitea.io/gitea/services/convert"

  19. 	issue_service "code.gitea.io/gitea/services/issue"

  20. )

  21. 

  22. // GetIssueAttachment gets a single attachment of the issue

  23. func GetIssueAttachment(ctx *context.APIContext) {

  24. 	// swagger:operation GET /repos/{owner}/{repo}/issues/{index}/assets/{attachment_id} issue issueGetIssueAttachment

  25. 	// ---

  26. 	// summary: Get an issue attachment

  27. 	// produces:

  28. 	// - application/json

  29. 	// parameters:

  30. 	// - name: owner

  31. 	//   in: path

  32. 	//   description: owner of the repo

  33. 	//   type: string

  34. 	//   required: true

  35. 	// - name: repo

  36. 	//   in: path

  37. 	//   description: name of the repo

  38. 	//   type: string

  39. 	//   required: true

  40. 	// - name: index

  41. 	//   in: path

  42. 	//   description: index of the issue

  43. 	//   type: integer

  44. 	//   format: int64

  45. 	//   required: true

  46. 	// - name: attachment_id

  47. 	//   in: path

  48. 	//   description: id of the attachment to get

  49. 	//   type: integer

  50. 	//   format: int64

  51. 	//   required: true

  52. 	// responses:

  53. 	//   "200":

  54. 	//     "$ref": "#/responses/Attachment"

  55. 	//   "404":

  56. 	//     "$ref": "#/responses/error"

  57. 

  58. 	issue := getIssueFromContext(ctx)

  59. 	if issue == nil {

  60. 		return

  61. 	}

  62. 

  63. 	attach := getIssueAttachmentSafeRead(ctx, issue)

  64. 	if attach == nil {

  65. 		return

  66. 	}

  67. 

  68. 	ctx.JSON(http.StatusOK, convert.ToAPIAttachment(ctx.Repo.Repository, attach))

  69. }

  70. 

  71. // ListIssueAttachments lists all attachments of the issue

  72. func ListIssueAttachments(ctx *context.APIContext) {

  73. 	// swagger:operation GET /repos/{owner}/{repo}/issues/{index}/assets issue issueListIssueAttachments

  74. 	// ---

  75. 	// summary: List issue's attachments

  76. 	// produces:

  77. 	// - application/json

  78. 	// parameters:

  79. 	// - name: owner

  80. 	//   in: path

  81. 	//   description: owner of the repo

  82. 	//   type: string

  83. 	//   required: true

  84. 	// - name: repo

  85. 	//   in: path

  86. 	//   description: name of the repo

  87. 	//   type: string

  88. 	//   required: true

  89. 	// - name: index

  90. 	//   in: path

  91. 	//   description: index of the issue

  92. 	//   type: integer

  93. 	//   format: int64

  94. 	//   required: true

  95. 	// responses:

  96. 	//   "200":

  97. 	//     "$ref": "#/responses/AttachmentList"

  98. 	//   "404":

  99. 	//     "$ref": "#/responses/error"

  100. 

  101. 	issue := getIssueFromContext(ctx)

  102. 	if issue == nil {

  103. 		return

  104. 	}

  105. 

  106. 	if err := issue.LoadAttributes(ctx); err != nil {

  107. 		ctx.APIErrorInternal(err)

  108. 		return

  109. 	}

  110. 

  111. 	ctx.JSON(http.StatusOK, convert.ToAPIIssue(ctx, ctx.Doer, issue).Attachments)

  112. }

  113. 

  114. // CreateIssueAttachment creates an attachment and saves the given file

  115. func CreateIssueAttachment(ctx *context.APIContext) {

  116. 	// swagger:operation POST /repos/{owner}/{repo}/issues/{index}/assets issue issueCreateIssueAttachment

  117. 	// ---

  118. 	// summary: Create an issue attachment

  119. 	// produces:

  120. 	// - application/json

  121. 	// consumes:

  122. 	// - multipart/form-data

  123. 	// parameters:

  124. 	// - name: owner

  125. 	//   in: path

  126. 	//   description: owner of the repo

  127. 	//   type: string

  128. 	//   required: true

  129. 	// - name: repo

  130. 	//   in: path

  131. 	//   description: name of the repo

  132. 	//   type: string

  133. 	//   required: true

  134. 	// - name: index

  135. 	//   in: path

  136. 	//   description: index of the issue

  137. 	//   type: integer

  138. 	//   format: int64

  139. 	//   required: true

  140. 	// - name: name

  141. 	//   in: query

  142. 	//   description: name of the attachment

  143. 	//   type: string

  144. 	//   required: false

  145. 	// - name: attachment

  146. 	//   in: formData

  147. 	//   description: attachment to upload

  148. 	//   type: file

  149. 	//   required: true

  150. 	// responses:

  151. 	//   "201":

  152. 	//     "$ref": "#/responses/Attachment"

  153. 	//   "400":

  154. 	//     "$ref": "#/responses/error"

  155. 	//   "404":

  156. 	//     "$ref": "#/responses/error"

  157. 	//   "422":

  158. 	//     "$ref": "#/responses/validationError"

  159. 	//   "423":

  160. 	//     "$ref": "#/responses/repoArchivedError"

  161. 

  162. 	issue := getIssueFromContext(ctx)

  163. 	if issue == nil {

  164. 		return

  165. 	}

  166. 

  167. 	if !canUserWriteIssueAttachment(ctx, issue) {

  168. 		return

  169. 	}

  170. 

  171. 	// Get uploaded file from request

  172. 	file, header, err := ctx.Req.FormFile("attachment")

  173. 	if err != nil {

  174. 		ctx.APIErrorInternal(err)

  175. 		return

  176. 	}

  177. 	defer file.Close()

  178. 

  179. 	filename := header.Filename

  180. 	if query := ctx.FormString("name"); query != "" {

  181. 		filename = query

  182. 	}

  183. 

  184. 	attachment, err := attachment_service.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{

  185. 		Name:       filename,

  186. 		UploaderID: ctx.Doer.ID,

  187. 		RepoID:     ctx.Repo.Repository.ID,

  188. 		IssueID:    issue.ID,

  189. 	})

  190. 	if err != nil {

  191. 		if upload.IsErrFileTypeForbidden(err) {

  192. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  193. 		} else {

  194. 			ctx.APIErrorInternal(err)

  195. 		}

  196. 		return

  197. 	}

  198. 

  199. 	issue.Attachments = append(issue.Attachments, attachment)

  200. 

  201. 	if err := issue_service.ChangeContent(ctx, issue, ctx.Doer, issue.Content, issue.ContentVersion); err != nil {

  202. 		ctx.APIErrorInternal(err)

  203. 		return

  204. 	}

  205. 

  206. 	ctx.JSON(http.StatusCreated, convert.ToAPIAttachment(ctx.Repo.Repository, attachment))

  207. }

  208. 

  209. // EditIssueAttachment updates the given attachment

  210. func EditIssueAttachment(ctx *context.APIContext) {

  211. 	// swagger:operation PATCH /repos/{owner}/{repo}/issues/{index}/assets/{attachment_id} issue issueEditIssueAttachment

  212. 	// ---

  213. 	// summary: Edit an issue attachment

  214. 	// produces:

  215. 	// - application/json

  216. 	// consumes:

  217. 	// - application/json

  218. 	// parameters:

  219. 	// - name: owner

  220. 	//   in: path

  221. 	//   description: owner of the repo

  222. 	//   type: string

  223. 	//   required: true

  224. 	// - name: repo

  225. 	//   in: path

  226. 	//   description: name of the repo

  227. 	//   type: string

  228. 	//   required: true

  229. 	// - name: index

  230. 	//   in: path

  231. 	//   description: index of the issue

  232. 	//   type: integer

  233. 	//   format: int64

  234. 	//   required: true

  235. 	// - name: attachment_id

  236. 	//   in: path

  237. 	//   description: id of the attachment to edit

  238. 	//   type: integer

  239. 	//   format: int64

  240. 	//   required: true

  241. 	// - name: body

  242. 	//   in: body

  243. 	//   schema:

  244. 	//     "$ref": "#/definitions/EditAttachmentOptions"

  245. 	// responses:

  246. 	//   "201":

  247. 	//     "$ref": "#/responses/Attachment"

  248. 	//   "404":

  249. 	//     "$ref": "#/responses/error"

  250. 	//   "422":

  251. 	//     "$ref": "#/responses/validationError"

  252. 	//   "423":

  253. 	//     "$ref": "#/responses/repoArchivedError"

  254. 

  255. 	attachment := getIssueAttachmentSafeWrite(ctx)

  256. 	if attachment == nil {

  257. 		return

  258. 	}

  259. 

  260. 	// do changes to attachment. only meaningful change is name.

  261. 	form := web.GetForm(ctx).(*api.EditAttachmentOptions)

  262. 	if form.Name != "" {

  263. 		attachment.Name = form.Name

  264. 	}

  265. 

  266. 	if err := attachment_service.UpdateAttachment(ctx, setting.Attachment.AllowedTypes, attachment); err != nil {

  267. 		if upload.IsErrFileTypeForbidden(err) {

  268. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  269. 			return

  270. 		}

  271. 		ctx.APIErrorInternal(err)

  272. 		return

  273. 	}

  274. 

  275. 	ctx.JSON(http.StatusCreated, convert.ToAPIAttachment(ctx.Repo.Repository, attachment))

  276. }

  277. 

  278. // DeleteIssueAttachment delete a given attachment

  279. func DeleteIssueAttachment(ctx *context.APIContext) {

  280. 	// swagger:operation DELETE /repos/{owner}/{repo}/issues/{index}/assets/{attachment_id} issue issueDeleteIssueAttachment

  281. 	// ---

  282. 	// summary: Delete an issue attachment

  283. 	// produces:

  284. 	// - application/json

  285. 	// parameters:

  286. 	// - name: owner

  287. 	//   in: path

  288. 	//   description: owner of the repo

  289. 	//   type: string

  290. 	//   required: true

  291. 	// - name: repo

  292. 	//   in: path

  293. 	//   description: name of the repo

  294. 	//   type: string

  295. 	//   required: true

  296. 	// - name: index

  297. 	//   in: path

  298. 	//   description: index of the issue

  299. 	//   type: integer

  300. 	//   format: int64

  301. 	//   required: true

  302. 	// - name: attachment_id

  303. 	//   in: path

  304. 	//   description: id of the attachment to delete

  305. 	//   type: integer

  306. 	//   format: int64

  307. 	//   required: true

  308. 	// responses:

  309. 	//   "204":

  310. 	//     "$ref": "#/responses/empty"

  311. 	//   "404":

  312. 	//     "$ref": "#/responses/error"

  313. 	//   "423":

  314. 	//     "$ref": "#/responses/repoArchivedError"

  315. 

  316. 	attachment := getIssueAttachmentSafeWrite(ctx)

  317. 	if attachment == nil {

  318. 		return

  319. 	}

  320. 

  321. 	if err := repo_model.DeleteAttachment(ctx, attachment, true); err != nil {

  322. 		ctx.APIErrorInternal(err)

  323. 		return

  324. 	}

  325. 

  326. 	ctx.Status(http.StatusNoContent)

  327. }

  328. 

  329. func getIssueFromContext(ctx *context.APIContext) *issues_model.Issue {

  330. 	issue, err := issues_model.GetIssueByIndex(ctx, ctx.Repo.Repository.ID, ctx.PathParamInt64("index"))

  331. 	if err != nil {

  332. 		ctx.NotFoundOrServerError(err)

  333. 		return nil

  334. 	}

  335. 

  336. 	issue.Repo = ctx.Repo.Repository

  337. 

  338. 	return issue

  339. }

  340. 

  341. func getIssueAttachmentSafeWrite(ctx *context.APIContext) *repo_model.Attachment {

  342. 	issue := getIssueFromContext(ctx)

  343. 	if issue == nil {

  344. 		return nil

  345. 	}

  346. 

  347. 	if !canUserWriteIssueAttachment(ctx, issue) {

  348. 		return nil

  349. 	}

  350. 

  351. 	return getIssueAttachmentSafeRead(ctx, issue)

  352. }

  353. 

  354. func getIssueAttachmentSafeRead(ctx *context.APIContext, issue *issues_model.Issue) *repo_model.Attachment {

  355. 	attachment, err := repo_model.GetAttachmentByID(ctx, ctx.PathParamInt64("attachment_id"))

  356. 	if err != nil {

  357. 		ctx.NotFoundOrServerError(err)

  358. 		return nil

  359. 	}

  360. 	if !attachmentBelongsToRepoOrIssue(ctx, attachment, issue) {

  361. 		return nil

  362. 	}

  363. 	return attachment

  364. }

  365. 

  366. func canUserWriteIssueAttachment(ctx *context.APIContext, issue *issues_model.Issue) bool {

  367. 	canEditIssue := ctx.IsSigned && (ctx.Doer.ID == issue.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin() || ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull))

  368. 	if !canEditIssue {

  369. 		ctx.APIError(http.StatusForbidden, "user should have permission to write issue")

  370. 		return false

  371. 	}

  372. 

  373. 	return true

  374. }

  375. 

  376. func attachmentBelongsToRepoOrIssue(ctx *context.APIContext, attachment *repo_model.Attachment, issue *issues_model.Issue) bool {

  377. 	if attachment.RepoID != ctx.Repo.Repository.ID {

  378. 		log.Debug("Requested attachment[%d] does not belong to repo[%-v].", attachment.ID, ctx.Repo.Repository)

  379. 		ctx.APIErrorNotFound("no such attachment in repo")

  380. 		return false

  381. 	}

  382. 	if attachment.IssueID == 0 {

  383. 		log.Debug("Requested attachment[%d] is not in an issue.", attachment.ID)

  384. 		ctx.APIErrorNotFound("no such attachment in issue")

  385. 		return false

  386. 	} else if issue != nil && attachment.IssueID != issue.ID {

  387. 		log.Debug("Requested attachment[%d] does not belong to issue[%d, #%d].", attachment.ID, issue.ID, issue.Index)

  388. 		ctx.APIErrorNotFound("no such attachment in issue")

  389. 		return false

  390. 	}

  391. 	return true

  392. }