Diffstat (limited to 'internal/route/repo')
-rw-r--r--internal/route/repo/http.go2
-rw-r--r--internal/route/repo/issue.go11
-rw-r--r--internal/route/repo/pull.go11
3 files changed, 21 insertions, 3 deletions
diff --git a/internal/route/repo/http.go b/internal/route/repo/http.go
index 89c7fa24..e8e1ac15 100644
--- a/internal/route/repo/http.go
+++ b/internal/route/repo/http.go
@@ -153,7 +153,7 @@ func HTTPContexter() macaron.Handler {
return
}
}
- } else if authUser.IsEnabledTwoFactor() {
+ } else if db.TwoFactors.IsEnabled(c.Req.Context(), authUser.ID) {
askCredentials(c, http.StatusUnauthorized, `User with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password
Please create and use personal access token on user settings page`)
return
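Review bot: The two-factor gate on the `else if db.TwoFactors.IsEnabled(c.Req.Context(), authUser.ID)` line depends on a call that returns only a bool, so this handler cannot tell "two-factor not enabled" from "lookup failed". If IsEnabled reports false on a store error or a cancelled request context (its body is not shown here), a user with two-factor enabled would pass plain username/password authentication for that request, so the control would fail open. I would have the lookup return an error as well and reject on it, or at least state the contract above the branch: `// IsEnabled must fail closed: a false result here allows password-only Git over HTTP.` HTTPContexter's body starts and ends outside this hunk.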
diff --git a/internal/route/repo/issue.go b/internal/route/repo/issue.go
index cf59856e..f6a0d1b5 100644
--- a/internal/route/repo/issue.go
+++ b/internal/route/repo/issue.go
@@ -612,7 +612,16 @@ func viewIssue(c *context.Context, isPullList bool) {
if repo.IsOwnedBy(comment.PosterID) ||
(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) {
comment.ShowTag = db.COMMENT_TAG_OWNER
- } else if comment.Poster.IsWriterOfRepo(repo) {
+ } else if db.Perms.Authorize(
+ c.Req.Context(),
+ comment.PosterID,
+ repo.ID,
+ db.AccessModeWrite,
+ db.AccessModeOptions{
+ OwnerID: repo.OwnerID,
+ Private: repo.IsPrivate,
+ },
+ ) {
comment.ShowTag = db.COMMENT_TAG_WRITER
} else if comment.PosterID == issue.PosterID {
comment.ShowTag = db.COMMENT_TAG_POSTER
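Review bot: The Authorize call in this `else if` is written out in full and repeated field for field in the ParseCompareInfo hunk of pull.go, which leaves each call site responsible for pairing the repository ID with that same repository's `OwnerID` and `Private`. A mismatch between them would change the authorization result without any compile error, so I would wrap the call in one helper that takes the repository and use it at both sites. The helper below assumes IDs are int64 and that `context` in this file is the project's request-context package, as the `viewIssue` signature suggests. viewIssue's body starts and ends outside this hunk.

```go
// repoWriteAccess reports whether userID has write access to repo. The
// options are always derived from the same repo that is being checked.
func repoWriteAccess(c *context.Context, userID int64, repo *db.Repository) bool {
	return db.Perms.Authorize(
		c.Req.Context(),
		userID,
		repo.ID,
		db.AccessModeWrite,
		db.AccessModeOptions{
			OwnerID: repo.OwnerID,
			Private: repo.IsPrivate,
		},
	)
}

// … unchanged: owner tag branch …
} else if repoWriteAccess(c, comment.PosterID, repo) {
```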
diff --git a/internal/route/repo/pull.go b/internal/route/repo/pull.go
index d65b1e10..2745c336 100644
--- a/internal/route/repo/pull.go
+++ b/internal/route/repo/pull.go
@@ -510,7 +510,16 @@ func ParseCompareInfo(c *context.Context) (*db.User, *db.Repository, *git.Reposi
headGitRepo = c.Repo.GitRepo
}
- if !c.User.IsWriterOfRepo(headRepo) && !c.User.IsAdmin {
+ if !db.Perms.Authorize(
+ c.Req.Context(),
+ c.User.ID,
+ headRepo.ID,
+ db.AccessModeWrite,
+ db.AccessModeOptions{
+ OwnerID: headRepo.OwnerID,
+ Private: headRepo.IsPrivate,
+ },
+ ) && !c.User.IsAdmin {
log.Trace("ParseCompareInfo [base_repo_id: %d]: does not have write access or site admin", baseRepo.ID)
c.NotFound()
return nil, nil, nil, nil, "", ""
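Review bot: The denial path under the new `db.Perms.Authorize` check logs `baseRepo.ID`, but the access decision is made on `headRepo` for `c.User`, so the trace does not identify which repository or user was refused. Logging the identifiers that were actually checked makes denied compare attempts traceable: `log.Trace("ParseCompareInfo [head_repo_id: %d, user_id: %d]: does not have write access or site admin", headRepo.ID, c.User.ID)`. Separately, putting `!c.User.IsAdmin` first in the condition would skip the permission lookup for site admins, whose result is ignored anyway. ParseCompareInfo continues outside this hunk.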