Skip to content

Fix track time list permission check#36662

Merged
lunny merged 10 commits intogo-gitea:mainfrom
lunny:lunny/fix_track_time_perm
Feb 24, 2026
Merged

Fix track time list permission check#36662
lunny merged 10 commits intogo-gitea:mainfrom
lunny:lunny/fix_track_time_perm

Conversation

@lunny
Copy link
Copy Markdown
Member

@lunny lunny commented Feb 17, 2026

No description provided.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 17, 2026
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Feb 17, 2026
@silverwind silverwind requested a review from Copilot February 17, 2026 21:00
Copilot AI reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a repository-permission gate to tracked-time conversions so private issue tracked times are filtered out for users without access.

Changes:

  • Add permission-check (with per-repo permission caching) to ToTrackedTimeList.
  • Add unit test covering public vs private issue tracked times for regular vs admin users.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
services/convert/issue.go Filters tracked times by repo/issue read permissions before converting to API objects.
services/convert/issue_test.go Adds regression test ensuring tracked-time list conversion respects permissions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

lunny and others added 4 commits February 19, 2026 14:09
@lunny
Update services/convert/issue.go
085b892 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
@lunny
Add more tests
c8a36b3
@lunny
Merge branch 'main' into lunny/fix_track_time_perm
7ebd748
@lunny
Merge branch 'main' into lunny/fix_track_time_perm
db0d13c
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 22, 2026
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 24, 2026
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Feb 24, 2026
@lunny lunny enabled auto-merge (squash) February 24, 2026 19:52
@lunny lunny merged commit ed57c70 into go-gitea:main Feb 24, 2026
26 checks passed
@GiteaBot GiteaBot added this to the 1.26.0 milestone Feb 24, 2026
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Feb 24, 2026
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Feb 25, 2026
@lunny
@wxiaoguang @GiteaBot
Fix track time list permission check (go-gitea#36662)
7878f9f 
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@GiteaBot GiteaBot mentioned this pull request Feb 25, 2026
Merged
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Feb 25, 2026
@lunny lunny deleted the lunny/fix_track_time_perm branch February 25, 2026 01:14
zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 25, 2026
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
725a936 
* giteaofficial/main:
  Fix path resolving (go-gitea#36734)
  [skip ci] Updated translations via Crowdin
  Fix track time list permission check (go-gitea#36662)
  Fix incorrect setting loading order (go-gitea#36735)
  Use case-insensitive matching for Git error "Not a valid object name" (go-gitea#36728)
  feat: Add workflow dependencies visualization (go-gitea#36248)
lunny added a commit that referenced this pull request Feb 25, 2026
@GiteaBot @lunny
@wxiaoguang
Fix track time list permission check (#36662) (#36744)
00566cc 
Backport #36662 by @lunny

Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
silverwind added a commit to silverwind/gitea that referenced this pull request Feb 26, 2026
@silverwind
Merge branch 'main' into dropdowncss
0be7aea 
* main: (24 commits)
  Instance-wide (global) info banner and maintenance mode (go-gitea#36571)
  Add created_by filter to SearchIssues (go-gitea#36670)
  Inline and lazy-load EasyMDE CSS, fix border colors (go-gitea#36714)
  Fix release draft access check logic (go-gitea#36720)
  Change image transparency grid to CSS (go-gitea#36711)
  Avoid opening new tab when downloading actions logs (go-gitea#36740)
  Add validation constraints for repository creation fields (go-gitea#36671)
  Fix SVG height calculation in diff viewer (go-gitea#36748)
  Fix path resolving (go-gitea#36734)
  [skip ci] Updated translations via Crowdin
  Fix track time list permission check (go-gitea#36662)
  Fix incorrect setting loading order (go-gitea#36735)
  Use case-insensitive matching for Git error "Not a valid object name" (go-gitea#36728)
  feat: Add workflow dependencies visualization (go-gitea#36248)
  Add keyboard shortcuts for repository file and code search (go-gitea#36416)
  Refactor text utility classes to Tailwind CSS (go-gitea#36703)
  Prevent redirect bypasses via backslash-encoded paths (go-gitea#36660)
  Fix force push time-line commit comments of pull request (go-gitea#36653)
  Fix get release draft permission check (go-gitea#36659)
  Move `X_FRAME_OPTIONS` setting from `cors` to `security` section (go-gitea#30256)
  ...

# Conflicts:
#	web_src/css/base.css
#	web_src/css/index.css
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@silverwind silverwind silverwind approved these changes

@Zettat123 Zettat123 Zettat123 approved these changes

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created backport/v1.25 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code type/bug

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

6 participants

@lunny @silverwind @Zettat123 @GiteaBot @wxiaoguang