forgejo/routers/api/v1
Earl Warren e658a6a9cd
[GITEA] API commentAssignment() to verify the id belongs
Instead of repeating the tests that verify the ID of a comment
is related to the repository of the API endpoint, add the middleware
function commentAssignment() to assign ctx.Comment if the ID of the
comment is verified to be related to the repository.

There already are integration tests for cases of potential unrelated
comment IDs that cover some of the modified endpoints which covers the
commentAssignment() function logic.

* TestAPICommentReactions - GetIssueCommentReactions
* TestAPICommentReactions - PostIssueCommentReaction
* TestAPICommentReactions - DeleteIssueCommentReaction
* TestAPIEditComment - EditIssueComment
* TestAPIDeleteComment - DeleteIssueComment
* TestAPIGetCommentAttachment - GetIssueCommentAttachment

The other modified endpoints do not have tests to verify cases of
potential unrelated comment IDs. They no longer need to because they
no longer implement the logic to enforce this. They however all have
integration tests that verify the commentAssignment() they now rely on
does not introduce a regression.

* TestAPIGetComment - GetIssueComment
* TestAPIListCommentAttachments - ListIssueCommentAttachments
* TestAPICreateCommentAttachment - CreateIssueCommentAttachment
* TestAPIEditCommentAttachment - EditIssueCommentAttachment
* TestAPIDeleteCommentAttachment - DeleteIssueCommentAttachment

(cherry picked from commit d414376d749041da1be288c02fdaa24fddeafd5c)
(cherry picked from commit 09db07aeaed167edc66cb832b0aa54b31d14f0d8)
(cherry picked from commit f44830c3cba0b9416505a2b0b560cfa096ffeb7c)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 9d1bf7be15420ce4ca6e92a8bd048d483172de3b)
2024-02-05 16:09:43 +01:00
..
activitypub More refactoring of db.DefaultContext (#27083) 2023-09-15 06:13:19 +00:00
admin Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
misc Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
notify Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
org Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
packages Another round of db.DefaultContext refactor (#27103) 2023-09-25 13:17:37 +00:00
repo [GITEA] API commentAssignment() to verify the id belongs 2024-02-05 16:09:43 +01:00
settings Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
shared Add get actions runner registration token for API routes, repo, org, user and global level (#27144) 2023-12-27 07:57:54 +00:00
swagger [GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments 2024-02-05 16:09:42 +01:00
user Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
utils Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
api.go [GITEA] API commentAssignment() to verify the id belongs 2024-02-05 16:09:43 +01:00