From 64122b18d884d7d8118bbb507cd5a88f340bbbce Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Tue, 10 Dec 2024 05:11:45 +0000
Subject: [PATCH 1/3] fix
---
 routers/api/v1/repo/issue_label.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index 2f5ea8931b148..a5d16d9f89160 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -351,8 +351,8 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 }
 if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
- ctx.Status(http.StatusForbidden)
- return nil, nil, nil
+ ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "you should have write access to issue")
+ return nil, nil, fmt.Errorf("permission denied")
 }
 return issue, labels, err
From a8f6879b85895758c06e7b4116db8655faee60cb Mon Sep 17 00:00:00 2001
From: yp05327 <576951401@qq.com>
Date: Tue, 10 Dec 2024 05:16:28 +0000
Subject: [PATCH 2/3] improve
---
 routers/api/v1/repo/issue_label.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index a5d16d9f89160..9c2f4071a6f87 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -351,7 +351,7 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 }
 if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
- ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "you should have write access to issue")
+ ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "write permission is required")
 return nil, nil, fmt.Errorf("permission denied")
 }
From 8e7f3669ff76675a38daa2242223c1da5067be4f Mon Sep 17 00:00:00 2001
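Review bot: The denial path in [PATCH 1/3] builds its error with `fmt.Errorf("permission denied")`, which has no format verbs and gives callers and tests nothing to match on; returning a package-level sentinel such as `var errPermissionDenied = errors.New("permission denied")` (the name is only a suggestion) would let them use `errors.Is`. The same line is carried unchanged through [PATCH 2/3] and [PATCH 3/3]. Because `ctx.Error` has already written the 403 before the return, the function's doc comment should state that contract, e.g. `// A non-nil error means the response has already been written; callers must return without using the issue or labels.` The declaration of prepareForReplaceOrAdd and its callers are outside the hunk, so whether every caller stops on a non-nil error cannot be confirmed from here.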
From: yp05327 <576951401@qq.com>
Date: Tue, 10 Dec 2024 05:29:04 +0000
Subject: [PATCH 3/3] check permission before query labels
---
 routers/api/v1/repo/issue_label.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index 9c2f4071a6f87..cc517619e97d0 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -319,6 +319,11 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 return nil, nil, err
 }
+ if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
+ ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "write permission is required")
+ return nil, nil, fmt.Errorf("permission denied")
+ }
+
 var (
 labelIDs []int64
 labelNames []string
@@ -350,10 +355,5 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 return nil, nil, err
 }
- if !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
- ctx.Error(http.StatusForbidden, "CanWriteIssuesOrPulls", "write permission is required")
- return nil, nil, fmt.Errorf("permission denied")
- }
-
 return issue, labels, err
 }
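Review bot: The permission block added in the first hunk of [PATCH 3/3] carries no comment saying why it must sit above the `var (` label section, so a later refactor could move it back below the label queries without anyone noticing. I would put `// Authorize before resolving labels: callers without write access must not reach the label queries or their error responses.` directly above the `if`. The rationale is inferred from the commit subject, so the wording should be confirmed by the author. Each patch in the series reports one changed file, routers/api/v1/repo/issue_label.go, so no test pins the ordering; a test asserting that a caller without write access gets 403 whether or not the submitted label IDs exist would keep it in place. The function begins outside this hunk.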