Fix bug that collaborators are able to modify settings of repository
This commit is contained in:
Unknown
parent
cdffdeddc9
commit
36292060d6
2 changed files with 3 additions and 3 deletions
|
|
@ -186,7 +186,7 @@ func runWeb(*cli.Context) {
|
|||
m.Get("/template/**", dev.TemplatePreview)
|
||||
}
|
||||
|
||||
reqOwner := middleware.RequireOwner()
|
||||
reqTrueOwner := middleware.RequireTrueOwner()
|
||||
|
||||
m.Group("/org", func(r martini.Router) {
|
||||
r.Get("/create", org.New)
|
||||
|
|
@ -218,7 +218,7 @@ func runWeb(*cli.Context) {
|
|||
r.Get("/hooks/:id", repo.WebHooksEdit)
|
||||
r.Post("/hooks/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
|
||||
})
|
||||
}, reqSignIn, middleware.RepoAssignment(true), reqOwner)
|
||||
}, reqSignIn, middleware.RepoAssignment(true), reqTrueOwner)
|
||||
|
||||
m.Group("/:username/:reponame", func(r martini.Router) {
|
||||
r.Get("/action/:action", repo.Action)
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ func RepoAssignment(redirect bool, args ...bool) martini.Handler {
|
|||
}
|
||||
}
|
||||
|
||||
func RequireOwner() martini.Handler {
|
||||
func RequireTrueOwner() martini.Handler {
|
||||
return func(ctx *Context) {
|
||||
if !ctx.Repo.IsTrueOwner {
|
||||
if !ctx.IsSigned {
|
||||
|
|
|
|||
Loading…
Reference in a new issue