diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index c1733095cf9..69ad9cd0ed1 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -1426,9 +1426,9 @@ func Routes() *web.Router { Delete(reqToken(), repo.DeleteTopic) }, reqAdmin()) }, reqAnyRepoReader()) - m.Get("/issue_templates", context.ReferencesGitRepo(), repo.GetIssueTemplates) - m.Get("/issue_config", context.ReferencesGitRepo(), repo.GetIssueConfig) - m.Get("/issue_config/validate", context.ReferencesGitRepo(), repo.ValidateIssueConfig) + m.Get("/issue_templates", reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(), repo.GetIssueTemplates) + m.Get("/issue_config", reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(), repo.GetIssueConfig) + m.Get("/issue_config/validate", reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(), repo.ValidateIssueConfig) m.Get("/languages", reqRepoReader(unit.TypeCode), repo.GetLanguages) m.Get("/licenses", reqRepoReader(unit.TypeCode), repo.GetLicenses) m.Get("/activities/feeds", repo.ListRepoActivityFeeds) diff --git a/tests/integration/api_issue_config_test.go b/tests/integration/api_issue_config_test.go index f6045e1a805..b5df10f66c7 100644 --- a/tests/integration/api_issue_config_test.go +++ b/tests/integration/api_issue_config_test.go @@ -8,6 +8,7 @@ import ( "net/http" "testing" + auth_model "code.gitea.io/gitea/models/auth" repo_model "code.gitea.io/gitea/models/repo" "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" @@ -179,3 +180,19 @@ func TestAPIRepoValidateIssueConfig(t *testing.T) { assert.NotEmpty(t, issueConfigValidation.Message) }) } + +func TestAPIRepoIssueConfigRequiresCodeUnit(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}) + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + token := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadRepository) + + for _, path := range []string{ + fmt.Sprintf("/api/v1/repos/%s/issue_config", repo.FullName()), + fmt.Sprintf("/api/v1/repos/%s/issue_config/validate", repo.FullName()), + } { + req := NewRequest(t, "GET", path).AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + } +} diff --git a/tests/integration/api_issue_templates_test.go b/tests/integration/api_issue_templates_test.go index 6b65e6e0867..f96c141a832 100644 --- a/tests/integration/api_issue_templates_test.go +++ b/tests/integration/api_issue_templates_test.go @@ -8,10 +8,12 @@ import ( "net/url" "testing" + auth_model "code.gitea.io/gitea/models/auth" repo_model "code.gitea.io/gitea/models/repo" "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" api "code.gitea.io/gitea/modules/structs" + "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" ) @@ -53,3 +55,19 @@ about: bar assert.Equal(t, "error occurs when parsing issue template: count=2", resp.Header().Get("X-Gitea-Warning")) }) } + +func TestAPIIssueTemplateRequiresCodeUnit(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 24}) + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + token := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadRepository) + issueTemplatesURL := "/api/v1/repos/" + repo.FullName() + "/issue_templates" + languagesURL := "/api/v1/repos/" + repo.FullName() + "/languages" + + req := NewRequest(t, "GET", issueTemplatesURL).AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) + + req = NewRequest(t, "GET", languagesURL).AddTokenAuth(token) + MakeRequest(t, req, http.StatusForbidden) +}