oleks/gitea
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects 2 Releases Wiki Activity

fix(api): default same-repo issue dependencies to current repo #23

Merged
oleks merged 1 commits from fix/issue-22-dependencies-api-same-repo into main 2026-06-20 01:44:39 +03:00
Conversation 0 Commits 1 Files Changed 2
+30 -1
oleks commented 2026-06-20 01:44:28 +03:00
Owner
Copy Link
Copy Source

What

The issue dependencies/blocks POST and DELETE API handlers (/repos/{owner}/{repo}/issues/{index}/dependencies and .../blocks) 500'd whenever the request body omitted owner/repo — i.e. for a same-repo dependency.

Root cause

getFormIssue in routers/api/v1/repo/issue_dependency.go decided cross-repo vs same-repo with:

if form.Owner != ctx.Repo.Repository.OwnerName || form.Name != ctx.Repo.Repository.Name {

When owner/repo are omitted they are empty strings, which differ from the current repo's owner/name, so the handler took the cross-repo branch and called GetRepositoryByOwnerAndName(ctx, "", "")repository does not exist [id: 0, uid: 0, owner_name: , name: ] (500). This fired whenever ALLOW_CROSS_REPOSITORY_DEPENDENCIES was enabled — which is the default (MustBool(true)).

Note: the IssueMeta JSON field for the repo name is repo, not name; but even with the correct field names, a same-repo dependency required spelling out owner+repo redundantly.

Fix

Treat an empty (or matching) owner/repo as the current repository:

sameRepo := (form.Owner == "" || form.Owner == ctx.Repo.Repository.OwnerName) &&
    (form.Name == "" || form.Name == ctx.Repo.Repository.Name)

So POST .../dependencies with body {"index": N} now adds a same-repo dependency and returns 201. Cross-repo lookups are unchanged. All four handlers (dependencies + blocks, create + remove) route through getFormIssue, so one change covers them.

Tests

Added TestAPICreateIssueDependencySameRepoOmitOwnerRepo — posts {"index": N} with owner/repo omitted and asserts 201 + the dependency row exists. Existing cross-repo permission tests still pass (go test -run IssueDependency ./tests/integration/).

Fixes #22

Co-Authored-By: Claude Opus 4.8 (1M context) noreply@anthropic.com

🤖 Generated with Claude Code

## What The issue dependencies/blocks **POST** and **DELETE** API handlers (`/repos/{owner}/{repo}/issues/{index}/dependencies` and `.../blocks`) 500'd whenever the request body omitted `owner`/`repo` — i.e. for a **same-repo** dependency. ## Root cause `getFormIssue` in `routers/api/v1/repo/issue_dependency.go` decided cross-repo vs same-repo with: ```go if form.Owner != ctx.Repo.Repository.OwnerName || form.Name != ctx.Repo.Repository.Name { ``` When `owner`/`repo` are omitted they are empty strings, which differ from the current repo's owner/name, so the handler took the **cross-repo** branch and called `GetRepositoryByOwnerAndName(ctx, "", "")` → `repository does not exist [id: 0, uid: 0, owner_name: , name: ]` (500). This fired whenever `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` was enabled — which is the **default** (`MustBool(true)`). Note: the IssueMeta JSON field for the repo name is `repo`, not `name`; but even with the correct field names, a same-repo dependency required spelling out owner+repo redundantly. ## Fix Treat an empty (or matching) `owner`/`repo` as the current repository: ```go sameRepo := (form.Owner == "" || form.Owner == ctx.Repo.Repository.OwnerName) && (form.Name == "" || form.Name == ctx.Repo.Repository.Name) ``` So `POST .../dependencies` with body `{"index": N}` now adds a same-repo dependency and returns **201**. Cross-repo lookups are unchanged. All four handlers (dependencies + blocks, create + remove) route through `getFormIssue`, so one change covers them. ## Tests Added `TestAPICreateIssueDependencySameRepoOmitOwnerRepo` — posts `{"index": N}` with `owner`/`repo` omitted and asserts 201 + the dependency row exists. Existing cross-repo permission tests still pass (`go test -run IssueDependency ./tests/integration/`). Fixes #22 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 🤖 Generated with [Claude Code](https://claude.com/claude-code)
oleks added 1 commit 2026-06-20 01:44:28 +03:00
fix(api): default same-repo issue dependencies to current repo 9644118fac 
The dependencies/blocks POST and DELETE handlers read the dependency's
repo from the IssueMeta body. When owner/repo were omitted (a same-repo
dependency), the empty strings differed from the current repo's
owner/name, so the handler took the cross-repo branch and looked up an
empty ("", "") repository — returning 500 "repository does not exist
[id: 0]" whenever ALLOW_CROSS_REPOSITORY_DEPENDENCIES was on (the
default).

Treat an empty or matching owner/repo as the current repository so that
`{"index": N}` adds a same-repo dependency and returns 201. Cross-repo
lookups are unchanged.

Fixes #22

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
oleks merged commit 764ca62aa8 into main 2026-06-20 01:44:39 +03:00
oleks deleted branch fix/issue-22-dependencies-api-same-repo 2026-06-20 01:44:39 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
activity/build
area/milestone-sse
domain/fleet
kind/backend
kind/deploy
kind/frontend
kind/research
provisional-activity
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
oleks
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: oleks/gitea#23
Delete Branch "fix/issue-22-dependencies-api-same-repo"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?