domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220)

Browse source 
The function `GetByBean` has an obvious defect that when the fields are
empty values, it will be ignored. Then users will get a wrong result
which is possibly used to make a security problem.

To avoid the possibility, this PR removed function `GetByBean` and all
references.
And some new generic functions have been introduced to be used.

The recommand usage like below.

```go
// if query an object according id
obj, err := db.GetByID[Object](ctx, id)
// query with other conditions
obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b})
```
This commit is contained in:
Lunny Xiao 2023-12-07 15:27:36 +08:00 committed by GitHub
parent beb71f5ef6
commit dd30d9d5c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 189 additions and 174 deletions
Download patch file Download diff file Expand all files Collapse all files

4
models/issues/assignees.go
View file

@ -10,6 +10,8 @@ import (
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/util"
"xorm.io/builder"
)
// IssueAssignees saves all issue assignees
@ -59,7 +61,7 @@ func GetAssigneeIDsByIssue(ctx context.Context, issueID int64) ([]int64, error)
// IsUserAssignedToIssue returns true when the user is assigned to the issue
func IsUserAssignedToIssue(ctx context.Context, issue *Issue, user *user_model.User) (isAssigned bool, err error) {
return db.GetByBean(ctx, &IssueAssignees{IssueID: issue.ID, AssigneeID: user.ID})
return db.Exist[IssueAssignees](ctx, builder.Eq{"assignee_id": user.ID, "issue_id": issue.ID})
}
// ToggleIssueAssignee changes a user between assigned and not assigned for this issue, and make issue comment for it.