Check user instead of organization when creating a repo from a template via API (#16346) (#17195)

* Check user instead of organization

* Enforce that only admins can copy a repo to another user

Co-authored-by: Ion Jaureguialzo Sarasola <ion@jaureguialzo.com>
release/v1.15
6543 2021-10-01 10:16:28 +02:00 committed by GitHub
parent eb5e6f09eb
commit 28971c7c15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 4 deletions

View File

@ -374,16 +374,21 @@ func Generate(ctx *context.APIContext) {
ctxUser := ctx.User
var err error
if form.Owner != ctxUser.Name {
ctxUser, err = models.GetOrgByName(form.Owner)
ctxUser, err = models.GetUserByName(form.Owner)
if err != nil {
if models.IsErrOrgNotExist(err) {
if models.IsErrUserNotExist(err) {
ctx.JSON(http.StatusNotFound, map[string]interface{}{
"error": "request owner `" + form.Name + "` is not exist",
"error": "request owner `" + form.Owner + "` does not exist",
})
return
}
ctx.Error(http.StatusInternalServerError, "GetOrgByName", err)
ctx.Error(http.StatusInternalServerError, "GetUserByName", err)
return
}
if !ctx.User.IsAdmin && !ctxUser.IsOrganization() {
ctx.Error(http.StatusForbidden, "", "Only admin can generate repository for other user.")
return
}