Fix wrong permissions check when issues/prs shared operations (#9885)

* Fix wrong permissions check when issues/prs shared operations * move redirect to the last of the function * fix swagger Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-20 20:00:32 +08:00 · 2020-01-20 20:00:32 +08:00 · 6d6f1d568e
commit 6d6f1d568e
parent 81cfe243f9
11 changed files with 43 additions and 28 deletions
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@ -134,7 +134,7 @@ func (r *Repository) CanUseTimetracker(issue *models.Issue, user *models.User) b
 	// 2. Is the user a contributor, admin, poster or assignee and do the repository policies require this?
 	isAssigned, _ := models.IsUserAssignedToIssue(issue, user)
 	return r.Repository.IsTimetrackerEnabled() && (!r.Repository.AllowOnlyContributorsToTrackTime() ||
-		r.Permission.CanWrite(models.UnitTypeIssues) || issue.IsPoster(user.ID) || isAssigned)
+		r.Permission.CanWriteIssuesOrPulls(issue.IsPull) || issue.IsPoster(user.ID) || isAssigned)
 }

 // CanCreateIssueDependencies returns whether or not a user can create dependencies.